Vulnerabilities > Solarwinds > Serv U > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-32604 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.2 Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS." | 3.5 |
| 2021-02-03 | CVE-2021-25276 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.2 In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. | 3.6 |
| 2021-02-03 | CVE-2020-28001 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. | 3.5 |
| 2021-02-03 | CVE-2020-35482 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. | 3.5 |