6 matches found
CVE-2021-35254
CVE-2021-35254 affects SolarWinds WebHelpDesk (12.7.8 and earlier). The issue stems from an input that was not sanitized/validated, enabling exploitation. Public records describe this as an authenticated remote code execution risk. SolarWinds mitigated by removing the vulnerable input field to pr...
CVE-2021-35232
CVE-2021-35232 affects SolarWinds Web Help Desk versions up to and including 12.7.6. It arises from hard-coded credentials that permit a local attacker with access to the Web Help Desk host to execute arbitrary HQL queries against the database, enabling theft of user password hashes or insertion ...
CVE-2019-16957
SolarWinds Web Help Desk 12.7.0 is affected by a Cross‑Site Scripting (XSS) vulnerability that can be triggered via the First Name field of a User Account. The issue is documented in CVE-2019-16957 and is consistently described across multiple feeds (NVD, Red Hat, CNVD, CVE lists). The connected ...
CVE-2019-16955
CVE-2019-16955 affects SolarWinds Web Help Desk 12.7.0 and is a cross-site scripting (XSS) vulnerability triggered by an uploaded SVG document in a request. The root cause is improper handling of SVG uploads leading to script injection. Public documents (NVD, Red Hat, CNVD) confirm the issue; no ...
CVE-2019-16959
SolarWinds Web Help Desk 12.7.0 is affected by a CSV Injection (Formula Injection) vulnerability via a file attached to a ticket. The issue is described consistently across sources (CVE-2019-16959, Red Hat CVE page, NVD record). The exact root cause is not elaborated beyond the CSV/Formula Inject...
CVE-2019-20002
SolarWinds WebHelpDesk 12.7.1 contains a Formula Injection vulnerability in the export feature. A low-privileged user can provide a value in the Subject field of a help request form, which is mishandled during a TSV export performed by an admin user via TicketActions/view?tab=group. This leads to...