exploitDog

CVE-2019-16954

Опубликовано: 06 янв. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 4.9

EPSS Низкий

Описание

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.

Ссылки

https://support.solarwinds.com/SuccessCenter/s/
Vendor Advisory
https://www.esecforte.com/html-injection-vulnerability-in-solarwinds-web-help-desk/
Exploit
Third Party Advisory
https://www.solarwinds.com/free-tools/free-help-desk-software
Product
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/
Vendor Advisory
https://www.esecforte.com/html-injection-vulnerability-in-solarwinds-web-help-desk/
Exploit
Third Party Advisory
https://www.solarwinds.com/free-tools/free-help-desk-software
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solarwinds:web_help_desk:12.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01433

Низкий

5.4 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-f55g-c9wq-p6hv

github

больше 3 лет назад

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.

EPSS

Процентиль: 80%

0.01433

Низкий

5.4 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-79