CVE-2019-20484

2021-01-0521:05:07

mitre

www.cve.org

viki vera

unauthorized access

project files

AI Score

Confidence

High

EPSS

0.001

Percentile

34.4%

JSON

An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.

References

www.gosecure.net/blog/2020/12/15/vera-stored-xss-improper-access-control/