Cross-Site Scripting Vulnerability in Serv-U Web Client 

(CVE-2022-38106)

Security Advisory Summary

Cross-site scripting vulnerability in Serv-U versions 15.3.0 to 15.3.1 The vulnerability happens when a non-privileged user creates a new folder in Serv-U web client option and enters the payload.

Affected Products

  • Serv-U 15.3.0
  • Serv-U 15.3.1

Fixed Software Release

Acknowledgments

  • Balaji Ayyasamy

Advisory Details

Severity

7.5 High

Advisory ID

First Published

12/15/2022

Fixed Version