Vulnerabilities > Solarwinds > WEB Help Desk > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2021-35251 | Information Exposure Through an Error Message vulnerability in Solarwinds web Help Desk Sensitive information could be displayed when a detailed technical error message is posted. | 5.3 |
| 2021-08-26 | CVE-2021-32076 | Authentication Bypass by Spoofing vulnerability in Solarwinds web Help Desk Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. | 5.3 |
| 2021-01-15 | CVE-2019-16961 | Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. | 5.4 |
| 2021-01-06 | CVE-2019-16954 | Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. | 5.4 |
| 2021-01-04 | CVE-2019-16960 | Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. | 5.4 |
| 2021-01-04 | CVE-2019-16956 | Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket. | 5.4 |