HTML Injection Vulnerability on Serv-U 15.4 

(CVE-2023-40053)

Download PDF

Summary

A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.

Affected Products

  • Serv-U 15.4 HF2 and earlier

Fixed Software Release

Advisory Details

Severity

4.6 Medium

Advisory ID

CVE-2023-40053

First Published

12/05/2023

Last Updated

12/05/2023

Fixed Version

Serv-U 15.4.1

CVSS Score

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N