CVE-2018-19934

Reflected XSS in SolarWinds Serv-U FTP Server | The Missing Link

Discovered by Chris Moberly on behalf of The Missing Link Security

Vulnerability Details

The Serv-U FTP Server is vulnerable to a reflected cross-site scripting attack at the following injection points:

**Injection Point: URL Path**
* /Admin/XML
* /Admin/XML/Result.xml

**Injection Point: HTTP POST Parameter**
* /Admin/XML/SMTPResult.xml ('SMTPServer' parameter)

Affected Versions

Discovered in: 15.1.6.25 (current as of Dec 2018)
Fixed in: Serv-U 15.1.6 hotfix 3

Latest News

From Phuket with insight: Celebrating partnership success with Cloudflare

The unseen battle: Why you need secure coding now more than ever

The hidden risks of incomplete cyber security visibility

See All News