Description
SolarWinds Serv-U is affected by a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be exploited by an authenticated account, on the local machine, from the local browser session. Therefore, the risk is very low.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
- Attack Vector: network
- Complexity: high
- Privileges: low
- User Action: required
- Scope: unchanged
- Confidentiality: low
- Integrity: none
- Availability: none
- Weaknesses: CWE-79
Metadata
- Primary Vendor: SOLARWINDS
- Published: 4/15/2025
- Last Modified: 11/18/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
solarwinds : serv-u