mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 17:22:02 +00:00
771 B
771 B
CVE-2019-20483
Description
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application.
POC
Reference
- https://www.gosecure.net/blog/2020/12/15/vera-stored-xss-improper-access-control/
- https://www.gosecure.net/blog/2020/12/15/vera-stored-xss-improper-access-control/
Github
No PoCs found on GitHub currently.