PT-2020-9847 · Solarwinds · Solarwinds Web Help Desk

Published 2020-12-18 · Updated 2020-12-18 · CVE-2019-16957

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SolarWinds Web Help Desk version 12.7.0

Description

The issue allows for cross-site scripting (XSS) attacks via the First Name field of a User Account. This means an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of user sessions.

Recommendations

For SolarWinds Web Help Desk version 12.7.0, update to a version that fixes this issue to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting input for the First Name field to minimize the risk of exploitation.
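
One way to apply the input-restriction workaround, as an added example that is not SolarWinds code and not part of the original advisory. The function names, the 64-character limit and the allowed punctuation are assumptions. The example pairs an allowlist on the First Name value with HTML encoding at render time, because a legitimate name such as O'Brien contains a character that still needs encoding.

```python
import html
import unicodedata

# Assumed policy, not taken from the advisory: letters and combining marks in
# any script, plus a small set of punctuation, with a length limit.
MAX_LEN = 64
ALLOWED_PUNCT = {" ", "'", "-", "."}


def validate_first_name(raw: str) -> str:
    """Return the normalised name, or raise ValueError if it breaks the policy."""
    # Normalise first so compatibility forms (for example fullwidth brackets)
    # are checked in the form they would later be stored and displayed in.
    name = unicodedata.normalize("NFKC", raw).strip()
    if not 1 <= len(name) <= MAX_LEN:
        raise ValueError("first name must be 1 to %d characters" % MAX_LEN)
    for ch in name:
        category = unicodedata.category(ch)
        if category[0] in ("L", "M") or ch in ALLOWED_PUNCT:
            continue
        raise ValueError("character %r is not allowed in a first name" % ch)
    return name


def render_first_name(stored: str) -> str:
    """HTML-encode a stored name for element or quoted-attribute context.

    Applied to every value, including records saved before validation
    existed, so old data cannot reach the page as markup.
    """
    return html.escape(stored, quote=True)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["José", "Anne-Marie", "O'Brien", 'Ann"><b>']:
        try:
            print(repr(sample), "->", render_first_name(validate_first_name(sample)))
        except ValueError as exc:
            print(repr(sample), "rejected:", exc)
```
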

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-16957

Affected Products

Solarwinds Web Help Desk