CVE-2021-35229 – Cross-Site Scripting Vulnerability using SQL Query
https://notcve.org/view.php?id=CVE-2021-35229
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query Se presenta una vulnerabilidad de tipo Cross-site scripting en Database Performance Monitor versiones 2022.1.7779 y versiones anteriores, cuando es usada una consulta SQL compleja • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2022-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35229 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-19386
https://notcve.org/view.php?id=CVE-2018-19386
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. SolarWinds Database Performance Analyzer versión 11.1.457, contiene una instancia de vulnerabilidad XSS Reflejado en su componente idcStateError, donde el parámetro page es reflejado en el HREF del Botón "Try Again" sobre la página, también se conoce como un URI /iwc/idcStateError.iwc?page=. • https://i.imgur.com/Y7t2AD6.png https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •