CVE-2020-22428

Sažetak

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.

Reference

https://github.com/matrix
https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-Hotfix-3?language=en_US
https://twitter.com/gm4tr1x
https://www.linkedin.com/in/gabrielegristina

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-05-2021 - 14:56

Objavljeno

05-05-2021 - 03:15