Vulnerabilities > Solarwinds

DATE CVE VULNERABILITY TITLE RISK
2021-01-15 CVE-2019-16961 Cross-Site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
network
solarwinds CWE-79
3.5
2021-01-06 CVE-2019-16954 Injection vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
network
solarwinds CWE-74
4.9
2021-01-04 CVE-2019-16960 Cross-Site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.
network
solarwinds CWE-79
3.5
2021-01-04 CVE-2019-16956 Cross-Site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
network
solarwinds CWE-79
3.5
2020-12-29 CVE-2020-10148 Improper Authentication vulnerability in Solarwinds Orion Platform 2019.4/2020.2/2020.2.1
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands.
network
low complexity
solarwinds CWE-287
7.5
2020-12-21 CVE-2019-16959 Injection vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
network
low complexity
solarwinds CWE-74
4.0
2020-12-18 CVE-2019-16957 Cross-Site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
network
solarwinds CWE-79
3.5
2020-12-18 CVE-2019-16955 Cross-Site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
network
solarwinds CWE-79
3.5
2020-12-16 CVE-2020-25622 Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds N-Central 12.3.0.670
An issue was discovered in SolarWinds N-Central 12.3.0.670.
6.8
2020-12-16 CVE-2020-25621 Improper Authentication vulnerability in Solarwinds N-Central 12.3.0.670
An issue was discovered in SolarWinds N-Central 12.3.0.670.
local
low complexity
solarwinds CWE-287
2.1