Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-15 | CVE-2019-16961 | Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. | 5.4 |
| 2021-01-06 | CVE-2019-16954 | Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. | 5.4 |
| 2021-01-04 | CVE-2019-16960 | Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. | 5.4 |
| 2021-01-04 | CVE-2019-16956 | Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket. | 5.4 |
| 2020-12-21 | CVE-2019-16959 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | 6.5 |
| 2020-12-18 | CVE-2019-16957 | Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. | 5.4 |
| 2020-12-18 | CVE-2019-16955 | Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. | 5.4 |
| 2020-12-16 | CVE-2020-25619 | Unspecified vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. | 4.4 |
| 2020-12-15 | CVE-2018-16243 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.468/12.0.3074 SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. | 5.4 |
| 2020-12-01 | CVE-2019-16958 | Cross-site Scripting vulnerability in Solarwinds Help Desk 12.7.0 Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. | 5.4 |