Webhelpdesk Security Vulnerabilities and Issues — Webhelpdesk CVE List

Lucene search

SolarwindsWebhelpdesk

6 matches found

CVE•added 2022/03/25 7:15 p.m.•76 views

CVE-2021-35254

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.

8.8CVSS8.5AI score0.00175EPSS

CVE•added 2021/12/27 7:15 p.m.•55 views

CVE-2021-35232

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or...

6.8CVSS6.6AI score0.00316EPSS

CVE•added 2020/12/18 9:15 a.m.•50 views

CVE-2019-16955

SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.

5.4CVSS5.2AI score0.01934EPSS

CVE•added 2020/12/18 9:15 a.m.•48 views

CVE-2019-16957

SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.

5.4CVSS5.2AI score0.02185EPSS

CVE•added 2020/12/21 4:15 p.m.•34 views

CVE-2019-16959

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

6.5CVSS6.4AI score0.00943EPSS

CVE•added 2020/04/27 3:15 p.m.•30 views

CVE-2019-20002

Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.

7.8CVSS7.7AI score0.01048EPSS