SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
5.4CVSS
5.2AI Score
0.001EPSS
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
5.4CVSS
5.2AI Score
0.001EPSS
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
6.5CVSS
6.4AI Score
0.001EPSS
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
7.8CVSS
7.7AI Score
0.001EPSS