Title: Stored cross-site scripting in SolarWinds Serv-U
Discovery: Richard Tan on behalf of The Missing Link Security
A vulnerability exists in SolarWinds Serv-U FTP Server that could allow for stored cross-site scripting (XSS) attack to be performed against both authenticated users and unauthenticated users.
Affected fields include:
* Full Name
* HTTP Login Title Text
Discovered in: 15.1.7
Fixed in: Serv-U 15.1.7 Hotfix 2
Solarwinds would like to thank Richard Tan for reporting this issue to us.