Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
6.1CVSS
6AI Score
0.001EPSS
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application.
7.5CVSS
7.5AI Score
0.001EPSS
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.
7.5CVSS
7.5AI Score
0.002EPSS
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.
5.3CVSS
5.3AI Score
0.0005EPSS