CVE-2018-19934

MEDIUM

SolarWinds Serv-U FTP Server <15.1.6.25 - XSS

Title source: llm
STIX 2.1

Description

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.

References (3)

Core 3
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2019/Feb/5

Scores

CVSS v3 4.8
EPSS 0.0151
EPSS Percentile 81.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
solarwinds/serv-u_ftp_server 15.1.6.25
Published Mar 21, 2019
Tracked Since Feb 18, 2026