Vulnerability Details CVE-2018-19934
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/151474/SolarWinds-Serv-U-FTP-15.1.6.25-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2019/Feb/5
- https://www.themissinglink.com.au/security-advisories-cve-2018-19934
- http://packetstormsecurity.com/files/151474/SolarWinds-Serv-U-FTP-15.1.6.25-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2019/Feb/5
- https://www.themissinglink.com.au/security-advisories-cve-2018-19934
Products affected by CVE-2018-19934
-
cpe:2.3:a:solarwinds:serv-u_ftp_server:15.1.6.25