cbcvebase.
CVE-2021-35228
published 2021-10-21

Priority: P4 | 20 | medium | 4.7 (CVSS 3.1)
Vector: AV:N / AC:H / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.56% (42.2th percentile)

This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on a specific section of the page, causing a reflective cross-site scripting attack. An attacker would need to perform a man-in-the-middle attack in order to change the header for a remote victim.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | database_performance_analyzer | | |
| solarwinds | solarwinds | >= DPA 2021.3.7388 < 2021.3.7388 | 2021.3.7388 |

CVSS provenance

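| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N |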