Show filters
70 Total Results
Displaying 21-30 of 70
Sort by:
Attacker Value
Unknown

CVE-2021-32604

Disclosure Date: May 11, 2021 (last updated February 22, 2025)
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-25179

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-22428

Disclosure Date: May 05, 2021 (last updated February 22, 2025)
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-3154

Disclosure Date: May 04, 2021 (last updated February 22, 2025)
An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-28001

Disclosure Date: February 03, 2021 (last updated February 22, 2025)
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-27994

Disclosure Date: February 03, 2021 (last updated February 22, 2025)
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-35481

Disclosure Date: February 03, 2021 (last updated February 22, 2025)
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-35482

Disclosure Date: February 03, 2021 (last updated February 22, 2025)
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-15575

Disclosure Date: July 07, 2020 (last updated February 21, 2025)
SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-15573

Disclosure Date: July 07, 2020 (last updated February 21, 2025)
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous  Next >