CVE-2020-24924 – A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v

A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24924

Reference (s):

• https://github.com/sooraj24/new/blob/master/XSS%20in%20ElkarBackup
• https://vyshnavvizz.blogspot.com/2020/09/stored-cross-site-scripting-in.html
• https://www.elkarbackup.org/