3 matches found
CVE-2019-20484
CVE-2019-20484 affects Viki Vera 4.9.1.26180. A user who is not granted access to a project can download or upload project files by directly opening the Project URL in a browser after logging in. The Red Hat and CNVD entries corroborate the same access-control flaw, indicating an improper restric...
CVE-2019-20483
The CVE-2019-20483 entry concerns Viki Vera version 4.9.1.26180. The vulnerability allows an attacker to set a user’s last name to an XSS payload, which can be used to read another user’s cookie and impersonate the user by using that cookie to log in. This is described across multiple connected s...
CVE-2019-15123
The CVE-2019-15123 entry concerns Viki Vera 4.9.1.26180, specifically the Branding Module. An authenticated user can modify the site logo and upload a malicious .aspx file, enabling Remote Code Execution on the affected site. The vulnerability is described consistently across multiple sources (in...