Cross Site Scripting in SolarWinds Serv-U Product
CVE-2020-22428
4.8MEDIUM
Key Information:
- Vendor
Solarwinds
- Vendor
- CVE Published:
- 5 May 2021
What is CVE-2020-22428?
The vulnerability in SolarWinds Serv-U allows malicious actors to inject JavaScript payloads through directory names specified by an admin. This Cross Site Scripting (XSS) issue could enable attackers to execute unauthorized scripts in the context of a user's session, potentially leading to data theft or session hijacking. Users of Serv-U versions prior to 15.1.6 Hotfix 3 should take immediate action to mitigate this risk.