CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-22428
https://notcve.org/view.php?id=CVE-2020-22428
05 May 2021 — SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. SolarWinds Serv-U versiones anteriores a 15.1.6 Hotfix 3, está afectado por Cross Site Scripting (XSS) por medio de un nombre de directorio (ingresado por un administrador) que contiene una carga útil de JavaScript • https://github.com/matrix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 51%CPEs: 2EXPL: 8CVE-2019-12181 – Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-12181
17 Jun 2019 — A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. Existe una vulnerabilidad de escalado de privilegios en SolarWinds Serv-U en versiones anteriores a la 15.1.7 para Linux. Serv-U FTP Server version 15.1.6 suffers from a local privilege escalation vulnerability. • https://packetstorm.news/files/id/153333 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •