CVE-2019-16958

Name of the Vulnerable Software and Affected Versions SolarWinds Web Help Desk version 12.7.0

Description The issue allows an attacker to inject arbitrary web script or HTML via the Location Name. This can lead to a Cross-site Scripting (XSS) attack. XSS is a type of attack where an attacker injects malicious scripts into a website, which are then executed by the user's browser. This can result in unauthorized access to sensitive data or taking control of the user's session.

Recommendations For SolarWinds Web Help Desk version 12.7.0, consider restricting access to the Location Name field until a patch is available. As a temporary workaround, avoid using the Location Name field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.