CVE-2020-35249

MEDIUM

Elkarbackup - XSS

Title source: rule

Description

Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature.

Exploits (1)

exploitdb WORKING POC

by Enes Özeser · textwebappsphp

https://www.exploit-db.com/exploits/48756

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48756

Scores

CVSS v3 6.1

EPSS 0.0056

EPSS Percentile 68.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

elkarbackup/elkarbackup 1.3.3

Published Nov 02, 2021

Tracked Since Feb 18, 2026