CVE-2018-19934
published 2019-03-21CVE-2018-19934: SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
PriorityP423medium4.8CVSS 3.0
AVNACLPRHUIRSCCLILAN
EPSS
5.53%
91.8th percentile
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | serv-u_ftp_server | — | — |
| solarwinds | serv-u_ftp_server | — | — |
CVSS provenance
nvdv3.04.8MEDIUMCVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6g3j-f6fw-33hm: A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15
ghsa_unreviewed·2022-05-24·CVSS 4.8
CVE-2019-19829 [MEDIUM] GHSA-6g3j-f6fw-33hm: A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.
GHSA
GHSA-qrmq-pmv4-35gc: SolarWinds Serv-U FTP Server 15
ghsa_unreviewed·2022-05-14
CVE-2018-19934 [MEDIUM] CWE-79 GHSA-qrmq-pmv4-35gc: SolarWinds Serv-U FTP Server 15
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/151474/SolarWinds-Serv-U-FTP-15.1.6.25-Cross-Site-Scripting.htmlhttp://seclists.org/fulldisclosure/2019/Feb/5https://www.themissinglink.com.au/security-advisories-cve-2018-19934http://packetstormsecurity.com/files/151474/SolarWinds-Serv-U-FTP-15.1.6.25-Cross-Site-Scripting.htmlhttp://seclists.org/fulldisclosure/2019/Feb/5https://www.themissinglink.com.au/security-advisories-cve-2018-19934
2019-03-21
Published