Vulnerabilities > Solarwinds > Webhelpdesk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2021-35254 | Unspecified vulnerability in Solarwinds Webhelpdesk SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. | 8.8 |
| 2021-12-27 | CVE-2021-35232 | Use of Hard-coded Credentials vulnerability in Solarwinds Webhelpdesk Hard coded credentials discovered in SolarWinds Web Help Desk product. | 6.1 |
| 2020-12-21 | CVE-2019-16959 | Injection vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | 4.0 |
| 2020-12-18 | CVE-2019-16957 | Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. | 3.5 |
| 2020-12-18 | CVE-2019-16955 | Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. | 3.5 |
| 2020-04-27 | CVE-2019-20002 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1 Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | 7.8 |