Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Web Help Desk Security Vulnerabilities

cve
cve

CVE-2009-0303

Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and...

5.8AI Score

0.001EPSS

2022-10-03 04:24 PM
29
cve
cve

CVE-2021-35251

Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk...

5.3CVSS

5.1AI Score

0.001EPSS

2022-03-10 05:42 PM
64
cve
cve

CVE-2021-35232

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users...

6.8CVSS

6.6AI Score

0.0004EPSS

2021-12-27 07:15 PM
36
cve
cve

CVE-2021-35243

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the.....

7.5CVSS

7.7AI Score

0.001EPSS

2021-12-23 08:15 PM
31
cve
cve

CVE-2021-32076

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP....

5.3CVSS

5.2AI Score

0.001EPSS

2021-08-26 03:15 PM
29
cve
cve

CVE-2019-16961

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule...

5.4CVSS

5.2AI Score

0.001EPSS

2021-01-15 02:15 PM
30
1
cve
cve

CVE-2019-16954

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request...

5.4CVSS

5.6AI Score

0.001EPSS

2021-01-06 05:15 PM
16
cve
cve

CVE-2019-16956

SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a...

5.4CVSS

5.3AI Score

0.001EPSS

2021-01-04 08:15 AM
178
4
cve
cve

CVE-2019-16960

SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name...

5.4CVSS

5.1AI Score

0.001EPSS

2021-01-04 08:15 AM
53
cve
cve

CVE-2009-1261

Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown;...

5.7AI Score

0.003EPSS

2009-04-07 11:30 PM
19