**CVE-2017-16950 - Reflected XSS Urbackup Server < 2.1.20**

Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML on **action** parameter.

<code>
http://vulnerable.com/x?a="<script>alert("XSS")</script>
</code>

{{ :cve:cve-2017-16950-xss_2.1.19.png?nolink&600 |}}


Discovered by : Mickael BROUTY - FIDENS

[[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16950 | Mitre CVE-2017-16950]]