Vulnerability Details CVE-2019-10263
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 52.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2019-10263
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.10
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.20
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.4
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.6
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.0.20
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.0.8
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.2.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.4.10
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.4.41
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.6.38
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.6.55
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.17.0.30
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.17.0.50
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.3.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.3.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.5.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.7.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.7.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.2.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:8.1.0.24
-
cpe:2.3:a:ahsay:cloud_backup_suite:8.1.0.50