Discovered by Richard Tan on behalf of The Missing Link Security
A vulnerability exists in SolarWinds Serv-U FTP Server that could allow for stored cross-site scripting (XSS) attack to be performed against both authenticated users and unauthenticated users.
Affected fields include:
* Full Name
* HTTP Login Title Text
Successful exploitation of this issue may allow an attacker to inject arbitrary javascript and perform unauthorised actions in the user’s security context.
Discovered in: 15.1.7
Serv-U 15.1.7 Hotfix 2