Vulnerabilities
Vulnerable Software
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-07-26
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE.
CVSS Score: 7.2
EPSS Score: 0.005
Published: 2019-07-26
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server.
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2019-07-26

