CVE-2019-16956

SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.

CVE-2021-35251

Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.

CVE-2019-16960

SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.

CVE-2024-45709

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.

CVE-2021-32076

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP ...

CVE-2019-16961

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.

CVE-2024-28989

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.

CVE-2019-16954

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.