CVE-2019-20483

Description

An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application.

Affected Software
References

Software	From	Fixed in
vikisolutions / vera	4.9.1.26180	4.9.1.26180.x

https://www.gosecure.net/blog/2020/12/15/vera-stored-xss-improper-access-control/

Severity: Medium

CVE: CVE-2019-20483
Published: Jan 5, 2021
Updated: Apr 13, 2023
Exploit:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79

A7 - Cross-Site Scripting (XSS)

CVE-2019-20483

Description

Details

CVSS v3

CVSS v2

CWEs

OWASP TOP 10