CVE-2019-10263

Name of the Vulnerable Software and Affected Versions Ahsay Cloud Backup Suite versions prior to 8.1.1.50

Description An issue was discovered that allows an attacker to inject XSS in the Alias field when creating a trial account. This enables the attacker to retrieve the admin's cookie and potentially take over the account.

Recommendations For versions prior to 8.1.1.50, update to version 8.1.1.50 or later to resolve the issue. As a temporary workaround, consider restricting access to the trial account creation feature to minimize the risk of exploitation. Avoid using the Alias field in a way that could allow XSS injection until the issue is resolved.