CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35481
https://notcve.org/view.php?id=CVE-2020-35481
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. SolarWinds Serv-U versiones anteriores a 15.2.2, permite una Inyección de Macros no Autenticados • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-2_release_notes.htm •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16961
https://notcve.org/view.php?id=CVE-2019-16961
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. SolarWinds Web Help Desk versión 12.7.0, permite un ataque de tipo XSS por medio de un Schedule Name • https://support.solarwinds.com/SuccessCenter/s https://www.esecforte.com/cross-site-scripting-vulnerability-in-solarwinds-web-help-desk-cve-2019-16961-responsible-vulnerability-disclosure https://www.solarwinds.com/free-tools/free-help-desk-software • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16954
https://notcve.org/view.php?id=CVE-2019-16954
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. SolarWinds Web Help Desk versión 12.7.0, permite una inyección de HTML por medio de un Comentario en un ticket de Petición de Ayuda • https://support.solarwinds.com/SuccessCenter/s https://www.esecforte.com/html-injection-vulnerability-in-solarwinds-web-help-desk https://www.solarwinds.com/free-tools/free-help-desk-software • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16960
https://notcve.org/view.php?id=CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. SolarWinds Web Help Desk versión 12.7.0, permite un ataque de tipo XSS por medio de un archivo de plantilla CSV con un campo Location Name diseñado. • https://support.solarwinds.com/SuccessCenter/s https://www.esecforte.com/responsible-vulnerability-disclosure-cve-2019-16960-cross-site-scripting-vulnerability-in-solarwinds-web-help-desk https://www.solarwinds.com/free-tools/free-help-desk-software • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16956
https://notcve.org/view.php?id=CVE-2019-16956
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket. SolarWinds Web Help Desk versión 12.7.0, permite un ataque de tipo XSS por medio del parámetro Request Type de un ticket. • https://support.solarwinds.com/SuccessCenter/s https://www.esecforte.com/cross-site-scripting-vulnerability-india-responsible-vulnerability-disclosure https://www.solarwinds.com/free-tools/free-help-desk-software • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •