Lucene search

K

Webhelpdesk Security Vulnerabilities - 2020

cve

SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.

5.4CVSS

5.2AI Score

0.001EPSS

2020-12-18 09:15 AM

41

cve

SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.

5.4CVSS

5.2AI Score

0.001EPSS

2020-12-18 09:15 AM

35

1

cve

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

6.5CVSS

6.4AI Score

0.001EPSS

2020-12-21 04:15 PM

22

2

cve

Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.

7.8CVSS

7.7AI Score

0.001EPSS

2020-04-27 03:15 PM

25