Skip to main content

Database Performance Analyzer

6 CVEs product

Monthly

CVE-2026-28322 MEDIUM This Month

Stored cross-site scripting in SolarWinds Database Performance Analyzer enables a highly privileged, adjacent-network attacker to persist malicious scripts in the application that execute within other users' browsers upon page load. The CVSS vector (AV:A/AC:H/PR:H/UI:R) imposes substantial constraints - adjacency, high complexity, admin-level credentials, and victim interaction are all required - limiting realistic risk to insider-threat or post-compromise scenarios. No public exploit code and no CISA KEV listing have been identified at time of analysis.

XSS Database Performance Analyzer
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2025-26398 MEDIUM PATCH This Month

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. Rated medium severity (CVSS 5.6). This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Database Performance Analyzer
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2023-33231 MEDIUM PATCH This Month

XSS attack was possible in DPA 2023.2 due to insufficient input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Database Performance Analyzer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23838 MEDIUM This Month

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Database Performance Analyzer
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-23837 HIGH This Week

No exception handling vulnerability which revealed sensitive or excessive information to users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Database Performance Analyzer
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-35228 MEDIUM This Month

This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Database Performance Analyzer
NVD
CVSS 3.1
4.7
EPSS
0.6%
EPSS 0% CVSS 5.6
MEDIUM This Month

Stored cross-site scripting in SolarWinds Database Performance Analyzer enables a highly privileged, adjacent-network attacker to persist malicious scripts in the application that execute within other users' browsers upon page load. The CVSS vector (AV:A/AC:H/PR:H/UI:R) imposes substantial constraints - adjacency, high complexity, admin-level credentials, and victim interaction are all required - limiting realistic risk to insider-threat or post-compromise scenarios. No public exploit code and no CISA KEV listing have been identified at time of analysis.

XSS Database Performance Analyzer
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. Rated medium severity (CVSS 5.6). This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Database Performance Analyzer
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

XSS attack was possible in DPA 2023.2 due to insufficient input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Database Performance Analyzer
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Database Performance Analyzer
NVD
EPSS 1% CVSS 7.5
HIGH This Week

No exception handling vulnerability which revealed sensitive or excessive information to users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Database Performance Analyzer
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Database Performance Analyzer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy