CVE-2021-32604

MEDIUM

SolarWinds Serv-U < 15.2.3 - Cross-Site Scripting via Share URL SenderEmail Parameter

Title source: llm

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."

Core 3

Core References

Release Notes, Vendor Advisory x_refsource_misc

Exploit, Third Party Advisory x_refsource_misc

Exploit, Third Party Advisory x_refsource_misc

CVSS v3 5.4

EPSS 0.0176

EPSS Percentile 82.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Status published

Products (1)

solarwinds/serv-u < 15.2.3

Published May 11, 2021

Tracked Since Feb 18, 2026