CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35229 – Cross-Site Scripting Vulnerability using SQL Query
https://notcve.org/view.php?id=CVE-2021-35229
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query Se presenta una vulnerabilidad de tipo Cross-site scripting en Database Performance Monitor versiones 2022.1.7779 y versiones anteriores, cuando es usada una consulta SQL compleja • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2022-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35229 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16243
https://notcve.org/view.php?id=CVE-2018-16243
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. SolarWinds Database Performance Analyzer (DPA) versiones 11.1.468 y 12.0.3074, presentan varias vulnerabilidades de tipo XSS persistente, relacionadas con los archivos logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc y central.cen • https://gist.github.com/james-otten/d3ee2f0fccc3b87aafe1616a6c2c2d4e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •