Cross-Site Scripting in SolarWinds Web Help Desk Product
CVE-2019-16955
5.4MEDIUM
What is CVE-2019-16955?
The SolarWinds Web Help Desk version 12.7.0 is susceptible to a Cross-Site Scripting (XSS) vulnerability that occurs when the application improperly processes uploaded SVG files. Attackers can exploit this flaw to execute arbitrary scripts in the context of a user's session, potentially leading to unauthorized actions or data breaches. This vulnerability highlights the importance of secure file upload handling to ensure that no malicious content can be executed.