Primary

Context

SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability

Vulnerability

Patched

A client-side cross-site scripting (XSS) vulnerability has been identified in SolarWinds Serv-U. This issue can only be exploited by an authenticated user, on the local machine, and through the local browser session, which significantly lowers the risk. The vulnerability is present in Serv-U versions prior to 15.5.1.104.

Impact

Exploitation of this vulnerability allows for client-side cross-site scripting, where an attacker could inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users can upgrade to Serv-U version 15.5.1.104 to address this vulnerability. Instructions for upgrading are available in the SolarWinds Serv-U File Server Administrator Guide.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

3.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

3.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SolarWinds Serv-U

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating