Vulnerabilities > Solarwinds > Webhelpdesk > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-27 CVE-2021-35232 Use of Hard-coded Credentials vulnerability in Solarwinds Webhelpdesk
Hard coded credentials discovered in SolarWinds Web Help Desk product.
local
low complexity
solarwinds CWE-798
6.1
6.1
2020-12-21 CVE-2019-16959 Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
network
low complexity
solarwinds CWE-1236
6.5
6.5
2020-12-18 CVE-2019-16957 Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
network
low complexity
solarwinds CWE-79
5.4
5.4
2020-12-18 CVE-2019-16955 Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
network
low complexity
solarwinds CWE-79
5.4
5.4