CVE-2018-19934

Reflected XSS in SolarWinds Serv-U FTP Server | The Missing Link

Discovered by Chris Moberly on behalf of The Missing Link Security

Vulnerability Details

The Serv-U FTP Server is vulnerable to a reflected cross-site scripting attack at the following injection points:

**Injection Point: URL Path**
* /Admin/XML
* /Admin/XML/Result.xml

**Injection Point: HTTP POST Parameter**
* /Admin/XML/SMTPResult.xml ('SMTPServer' parameter)

Affected Versions

Discovered in: 15.1.6.25 (current as of Dec 2018)
Fixed in: Serv-U 15.1.6 hotfix 3

Latest News

5 Microsoft Power Platform Benefits That Will Transform Your Business

5 Key Takeaways from Early Adopters of Microsoft 365 Copilot

The Missing Link is recognised as Premier Service Delivery Partner by Netskope

See All News