Vulnerabilities > Solarwinds > Serv U FTP Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-05 | CVE-2020-22428 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server and Serv-U MFT Server SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. | 4.8 |
| 2019-12-18 | CVE-2019-19829 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. | 5.4 |
| 2019-12-16 | CVE-2019-13182 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. | 5.4 |
| 2019-12-16 | CVE-2019-13181 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. | 6.5 |
| 2019-03-21 | CVE-2018-19934 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.6.25 SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. | 4.8 |