exploitDog

CVE-2018-19386

Опубликовано: 14 авг. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.

Ссылки

https://i.imgur.com/Y7t2AD6.png
Exploit
Third Party Advisory
https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
Exploit
Third Party Advisory
https://i.imgur.com/Y7t2AD6.png
Exploit
Third Party Advisory
https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solarwinds:database_performance_analyzer:11.1.457:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.23271

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-f57c-5gfr-jp86

CVSS3: 6.1

github

больше 3 лет назад

SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.

EPSS

Процентиль: 96%

0.23271

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79