Reflected Cross Site Scripting affecting SolarWinds: DPA 2021.3.7388 

(CVE-2021-35228)

Summary

The vulnerability occurred due to missing input sanitization for one of the output fields extracted from headers on a specific section of a page. An attacker would need to perform a “Man in the Middle” attack to change a header for a remote victim, causing a reflected cross-site scripting attack affecting SolarWinds DPA v2021.3.7388.

Affected Products

  • DPA 2021.3.7388

Fixed Software Release

Acknowledgments

  • Faris Roslin

Advisory Details

Severity

5.5 Medium

Advisory ID

First Published

10/19/2021

Fixed Version