Vulnerabilities > Solarwinds > Webhelpdesk

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2021-35254 Unspecified vulnerability in Solarwinds Webhelpdesk
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk.
network
low complexity
solarwinds
8.8
2021-12-27 CVE-2021-35232 Use of Hard-coded Credentials vulnerability in Solarwinds Webhelpdesk
Hard coded credentials discovered in SolarWinds Web Help Desk product.
local
low complexity
solarwinds CWE-798
6.1
2020-12-21 CVE-2019-16959 Injection vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
network
low complexity
solarwinds CWE-74
4.0
2020-12-18 CVE-2019-16957 Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
network
solarwinds CWE-79
3.5
2020-12-18 CVE-2019-16955 Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
network
solarwinds CWE-79
3.5
2020-04-27 CVE-2019-20002 Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
local
low complexity
solarwinds CWE-1236
7.8