Cross-Site Scripting Vulnerability in SolarWinds Serv-U
CVE-2021-32604
5.4MEDIUM
Summary
A vulnerability exists in SolarWinds Serv-U prior to version 15.2.3 that improperly processes the user-supplied SenderEmail parameter in Share/IncomingWizard.htm, leading to potential Cross-Site Scripting (XSS) attacks. This flaw allows attackers to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive information and user security.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved