Vulnerabilities > Solarwinds > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-10 CVE-2020-27870 Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1.
network
low complexity
solarwinds
6.5
6.5
2021-02-03 CVE-2020-35482 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-02-03 CVE-2020-28001 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-02-03 CVE-2020-27994 Path Traversal vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
network
low complexity
solarwinds CWE-22
6.5
6.5
2021-01-15 CVE-2019-16961 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-01-06 CVE-2019-16954 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-01-04 CVE-2019-16960 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-01-04 CVE-2019-16956 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
network
low complexity
solarwinds CWE-79
5.4
5.4
2020-12-21 CVE-2019-16959 Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
network
low complexity
solarwinds CWE-1236
6.5
6.5
2020-12-18 CVE-2019-16957 Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
network
low complexity
solarwinds CWE-79
5.4
5.4