CVE-2019-19738

Name of the Vulnerable Software and Affected Versions MFScripts YetiShare versions 3.5.2 through 4.5.3

Description The issue allows an attacker to input HTML or execute scripts on the site due to the lack of sanitization or encoding of the output from the lFile parameter in the log file viewer.php page. This could lead to cross-site scripting (XSS) attacks.

Recommendations For MFScripts YetiShare versions 3.5.2 through 4.5.3, consider sanitizing or encoding the output from the lFile parameter in the log file viewer.php page to prevent XSS attacks. As a temporary workaround, restrict access to the log file viewer.php page until a proper fix is applied.