Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32076 | 1 Solarwinds | 1 Web Help Desk | 2021-09-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback. | |||||
| CVE-2019-16954 | 1 Solarwinds | 1 Web Help Desk | 2021-07-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. | |||||
| CVE-2019-16961 | 1 Solarwinds | 1 Web Help Desk | 2021-01-21 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. | |||||
| CVE-2019-16956 | 1 Solarwinds | 1 Web Help Desk | 2021-01-06 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket. | |||||
| CVE-2019-16960 | 1 Solarwinds | 1 Web Help Desk | 2021-01-06 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. | |||||