CVE-2019-16960

Name of the Vulnerable Software and Affected Versions SolarWinds Web Help Desk version 12.7.0

Description The issue allows for cross-site scripting (XSS) attacks via a crafted CSV template file, specifically by manipulating the Location Name field. This can potentially lead to the execution of malicious scripts on the client-side.

Recommendations For SolarWinds Web Help Desk version 12.7.0, consider disabling the import of CSV template files or restricting access to this feature until a fix is available. As a temporary workaround, avoid using crafted Location Name fields in CSV templates to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.