CVE-2024-45712

LOW

Solarwinds Serv-u < 15.5.1 - XSS

Title source: rule

Description

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.

Exploits (1)

nomisec SCANNER

by Teexo · poc

https://github.com/Teexo/woocommerce_scanner

View Code ZIP pw:eip

References (2)

[Release Notes] https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-1_release_notes.htm

[Patch, Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45712

Scores

CVSS v3 2.6

EPSS 0.0009

EPSS Percentile 25.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

solarwinds/serv-u < 15.5.1

Published Apr 15, 2025

Tracked Since Feb 18, 2026