**CVE-2017-16950 - Reflected XSS Urbackup Server < 2.1.20** Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML on **action** parameter. http://vulnerable.com/x?a=" {{ :cve:cve-2017-16950-xss_2.1.19.png?nolink&600 |}} Discovered by : Mickael BROUTY - FIDENS [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16950 | Mitre CVE-2017-16950]]