cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-35254,https://securityvulnerability.io/vulnerability/CVE-2021-35254,"Authenticated Remote Code Execution in WebHelpDesk 12.7.8 ",SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.,Solarwinds,Webhelpdesk,8.2,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2022-03-25T18:02:27.000Z,0
CVE-2019-16959,https://securityvulnerability.io/vulnerability/CVE-2019-16959,CSV Injection Vulnerability in SolarWinds Web Help Desk Software,"SolarWinds Web Help Desk version 12.7.0 is susceptible to a CSV Injection vulnerability, also recognized as Formula Injection. This issue arises when an attacker attaches a malicious file to a support ticket, potentially enabling arbitrary code execution in the victim's environment upon processing the file. The vulnerability poses a significant risk to data security, making it crucial for administrators to sanitize user inputs and manage attachments diligently.",Solarwinds,Webhelpdesk,6.5,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-21T15:13:21.000Z,0
CVE-2019-16955,https://securityvulnerability.io/vulnerability/CVE-2019-16955,Cross-Site Scripting in SolarWinds Web Help Desk Product,"The SolarWinds Web Help Desk version 12.7.0 is susceptible to a Cross-Site Scripting (XSS) vulnerability that occurs when the application improperly processes uploaded SVG files. Attackers can exploit this flaw to execute arbitrary scripts in the context of a user's session, potentially leading to unauthorized actions or data breaches. This vulnerability highlights the importance of secure file upload handling to ensure that no malicious content can be executed.",Solarwinds,Webhelpdesk,5.4,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2020-12-18T08:55:56.000Z,0
CVE-2019-16957,https://securityvulnerability.io/vulnerability/CVE-2019-16957,Cross-Site Scripting Vulnerability in SolarWinds Web Help Desk,"SolarWinds Web Help Desk 12.7.0 is susceptible to a Cross-Site Scripting (XSS) vulnerability, specifically through the First Name field when creating or editing user accounts. An attacker could exploit this weakness by injecting malicious scripts, which could execute in the context of the user’s session. It is critical for users of this software to be aware of this issue and apply necessary security measures to mitigate potential exploits.",Solarwinds,Webhelpdesk,5.4,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2020-12-18T08:53:24.000Z,0
CVE-2019-20002,https://securityvulnerability.io/vulnerability/CVE-2019-20002,,Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.,Solarwinds,Webhelpdesk,7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-04-27T14:29:28.000Z,0