CVE-2019-16954

MEDIUM

SolarWinds Web Help Desk 12.7.0 - Cross-Site Scripting via Help Request Ticket Comment

Title source: llm
STIX 2.1

Description

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://support.solarwinds.com/SuccessCenter/s/
Product, Vendor Advisory x_refsource_misc
https://www.solarwinds.com/free-tools/free-help-desk-software

Scores

CVSS v3 5.4
EPSS 0.0143
EPSS Percentile 80.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
solarwinds/web_help_desk 12.7.0
Published Jan 06, 2021
Tracked Since Feb 18, 2026