CVE-2020-28001

Stored cross-site scripting in Serv-U File Server by SolarWinds | The Missing Link

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

SolarWinds Serv-U FTP server through 15.2.1 does not correctly sanitize and validate the user-supplied directory names, allowing malicious users to create directories that when clicked on (in the breadcrumb menu) will trigger XSS payloads.

Successful exploitation of this issue may allow an attacker to perform unauthorised actions in the user’s security context.

Affected Versions

Discovered in: 15.2.1

Fixed Versions

Fixed in: 15.2.2

Latest News

5 Microsoft Power Platform Benefits That Will Transform Your Business

5 Key Takeaways from Early Adopters of Microsoft 365 Copilot

The Missing Link is recognised as Premier Service Delivery Partner by Netskope

See All News