Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-18	CVE-2019-16955	Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. network low complexity solarwinds CWE-79	5.4
2020-12-16	CVE-2020-25619	Unspecified vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. local low complexity solarwinds	4.4
2020-12-15	CVE-2018-16243	Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.468/12.0.3074 SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. network low complexity solarwinds CWE-79	5.4
2020-12-01	CVE-2019-16958	Cross-site Scripting vulnerability in Solarwinds Help Desk 12.7.0 Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. network low complexity solarwinds CWE-79	5.4
2020-10-19	CVE-2020-15910	Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds N-Central 12.3 SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. network low complexity solarwinds CWE-732	4.7
2020-07-07	CVE-2020-15575	Cross-site Scripting vulnerability in Solarwinds Serv-U SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. network low complexity solarwinds CWE-79	6.1
2020-07-07	CVE-2020-15573	Cross-site Scripting vulnerability in Solarwinds Serv-U SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. network low complexity solarwinds CWE-79	6.1
2020-06-24	CVE-2020-14007	Cross-site Scripting vulnerability in Solarwinds products Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. network low complexity solarwinds CWE-79	5.4
2020-06-24	CVE-2020-14006	Cross-site Scripting vulnerability in Solarwinds products Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. network low complexity solarwinds CWE-79	5.4
2020-05-04	CVE-2019-12864	Information Exposure Through an Error Message vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. local low complexity solarwinds CWE-209	5.5