CVE-2019-20484

January 8, 2021

An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.

Summary:

An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.

Reference Links(if available):

  • https://www.gosecure.net/blog/2020/12/15/vera-stored-xss-improper-access-control/

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    image 1

    CVE Alert: CVE-2024-52867

    November 18, 2024
    image 1

    CVE Alert: CVE-2020-25720

    November 18, 2024
    image 1

    CVE Alert: CVE-2023-4639

    November 18, 2024
    image 1

    CVE Alert: CVE-2023-1419

    November 18, 2024
    image 1

    CVE Alert: CVE-2023-43091

    November 18, 2024