CVE-2017-16950

Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter.