CVE-2018-19386
Published 2019-08-14
Priority P3 · 43 · medium · 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 9.04% (94.6th percentile)
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | database_performance_analyzer | — | — |
CVSS provenance
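| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |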
No detection rules found.
Nuclei
SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
nuclei·CVSS 6.1
Template:
```yaml
id: CVE-2018-19386

info:
  name: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
  impact: |
    Successful exp
```
Nuclei
SolarWinds Orion Security Checks
nuclei·CVSS 6.1
Template:
```yaml
id: solarwinds-orion-workflow

info:
  name: SolarWinds Orion Security Checks
  author: dwisiswant0
  description: A simple workflow that runs all SolarWinds Orion related nuclei templates on a given target.

workflows:
  - template: http/exposed-panels/solarwinds-orion.yaml
    subtemplates:
      - template: http/cves/2018/CVE-2018-19386.yaml
      - template: http/cves/2020/CVE-2020-10148.yaml
      - template: http/default-logins/solarwinds/
```