HTML Injection Vulnerability on Serv-U 15.4 (CVE-2023-40053)

Summary

A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.

Affected Products

Serv-U 15.4 HF2 and earlier

Fixed Software Release

Serv-U 15.4.1

Advisory Details

Severity

Medium

Advisory ID

CVE-2023-40053

First Published

12/05/2023

Last Updated

12/05/2023

Fixed Version

Serv-U 15.4.1

CVSS Score

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Download PDF

Send an Email