An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin’s cookie and take over the account.
CPE | Name | Operator | Version |
---|---|---|---|
cloud_backup_suite | lt | 8.1.1.50 |