SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability

(CVE-2024-45712)

Summary

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.

Affected Products

Serv-U 15.5 and earlier

Fixed Software Release

SolarWinds Serv-U 15.5.1

Advisory Details

Severity

2.6 Low

Advisory ID

CVE-2024-45712

First Published

04/15/2025

Last Published

04/15/2025

Fixed Version

SolarWinds Serv-U 15.5.1

CVSS Score

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N