PT-2020-15858 · Elkarbackup · Elkarbackup

Vyshnav Nk

Published

2020-09-15

Updated

2020-09-18

CVE-2020-24924

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions ElkarBackup version 1.3.3

Description A Persistent Cross-site Scripting issue is found, allowing an attacker to steal the user session cookie. This issue is present on the Policies >> action >> Name Parameter.

Recommendations For ElkarBackup version 1.3.3, consider restricting access to the Name Parameter in the Policies section until a patch is available. As a temporary workaround, avoid using the vulnerable Name Parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-24924

Affected Products

Elkarbackup

PT-2020-15858 · Elkarbackup · Elkarbackup

CVE-2020-24924

Weakness Enumeration

Related Identifiers

Affected Products

References · 5