Vulnerability Details CVE-2020-22428
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.3%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://github.com/matrix
- https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-Hotfix-3?language=en_US
- https://twitter.com/gm4tr1x
- https://www.linkedin.com/in/gabrielegristina
- https://github.com/matrix
- https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-Hotfix-3?language=en_US
- https://twitter.com/gm4tr1x
- https://www.linkedin.com/in/gabrielegristina
Products affected by CVE-2020-22428
-
cpe:2.3:a:solarwinds:serv-u_ftp_server:15.1
-
cpe:2.3:a:solarwinds:serv-u_mft_server:15.1