CVE-2020-22428

Name of the Vulnerable Software and Affected Versions SolarWinds Serv-U versions prior to 15.1.6 Hotfix 3

Description The issue is related to Cross Site Scripting (XSS) via a directory name containing a JavaScript payload. This payload can be entered by an admin, potentially leading to exploitation.

Recommendations For versions prior to 15.1.6 Hotfix 3, update to version 15.1.6 Hotfix 3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to create or modify directory names to minimize the risk of exploitation. Avoid using directory names that contain JavaScript code until the issue is resolved.