Stored cross-site scripting in SolarWinds Serv-U | The Missing Link

Discovered by Richard Tan on behalf of The Missing Link Security

Vulnerability Details

A vulnerability exists in SolarWinds Serv-U FTP Server that could allow a stored cross-site scripting (XSS) attack to be performed against both authenticated and unauthenticated users.

Affected fields include:

* Full Name

* HTTP Login Title Text

Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript and perform unauthorised actions in the user’s security context.


Affected Versions

Discovered in: 15.1.7

Fixed Versions

Serv-U 15.1.7 Hotfix 2
