SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting

Posted on 12 February 2021

SolarWinds Serv-U FTP Server versions through 15.2.1 do not correctly sanitize and validate the user-supplied directory names, allowing malicious users to create directories that when clicked on (in the breadcrumb menu) will trigger cross site scripting payloads.