Vulnerabilities > Solarwinds > Webhelpdesk
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-25 | CVE-2021-35254 | Unspecified vulnerability in Solarwinds Webhelpdesk SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. | 8.8 |
2021-12-27 | CVE-2021-35232 | Use of Hard-coded Credentials vulnerability in Solarwinds Webhelpdesk Hard coded credentials discovered in SolarWinds Web Help Desk product. | 6.1 |
2020-12-21 | CVE-2019-16959 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | 6.5 |
2020-12-18 | CVE-2019-16957 | Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. | 5.4 |
2020-12-18 | CVE-2019-16955 | Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. | 5.4 |
2020-04-27 | CVE-2019-20002 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1 Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | 7.8 |