CVE-2021-32604: XSS
First published: Tue May 11 2021(Updated: )
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SolarWinds Serv-U | <15.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-3_release_notes.htm
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/solarwinds-serv-u-1523-share-url-xss-cve-2021-32604/
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29000
Frequently Asked Questions
What is CVE-2021-32604?
CVE-2021-32604 is a vulnerability in SolarWinds Serv-U before version 15.2.3 that mishandles the user-supplied SenderEmail parameter, leading to a cross-site scripting (XSS) attack.
What is the severity of CVE-2021-32604?
The severity of CVE-2021-32604 is medium with a CVSS score of 5.4.
How does CVE-2021-32604 affect SolarWinds Serv-U?
CVE-2021-32604 affects SolarWinds Serv-U versions before 15.2.3.
How can I fix CVE-2021-32604?
To fix CVE-2021-32604, you should update SolarWinds Serv-U to version 15.2.3 or later.
Where can I find more information about CVE-2021-32604?
You can find more information about CVE-2021-32604 on the SolarWinds Serv-U release notes and the Trustwave security advisories.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/solarwinds
- canonical/solarwinds serv-u