Web Help Desk
by Webhelpdesk
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16956 | 0.00 | — | 0.02 | Jan 4, 2021 | SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket. | |||
| CVE-2019-16959 | 0.00 | — | 0.02 | Dec 21, 2020 | SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | |||
| CVE-2019-16955 | 0.00 | — | 0.02 | Dec 18, 2020 | SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. | |||
| CVE-2019-16957 | 0.00 | — | 0.01 | Dec 18, 2020 | SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. | |||
| CVE-2019-16958 | 0.00 | — | 0.01 | Dec 1, 2020 | Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. | |||
| CVE-2009-1261 | 0.00 | — | 0.01 | Apr 7, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this… | |||
| CVE-2009-0303 | 0.00 | — | 0.01 | Jan 27, 2009 | Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa. |
- CVE-2019-16956Jan 4, 2021risk 0.00cvss —epss 0.02
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
- CVE-2019-16959Dec 21, 2020risk 0.00cvss —epss 0.02
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
- CVE-2019-16955Dec 18, 2020risk 0.00cvss —epss 0.02
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
- CVE-2019-16957Dec 18, 2020risk 0.00cvss —epss 0.01
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
- CVE-2019-16958Dec 1, 2020risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.
- CVE-2009-1261Apr 7, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this…
- CVE-2009-0303Jan 27, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa.
Page 2 of 2