SolarWinds DPA Stored XSS Enables Script Execution
CVE-2026-28322 Published on June 30, 2026

SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability
SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
HIGH
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2026-28322

Want to know whenever a new CVE is published for SolarWinds Database Performance Analyzer? stack.watch will email you.

 

Affected Versions

SolarWinds Database Performance Analyzer Version 2026.1 and below is affected by CVE-2026-28322