Arbitrary Web Script Injection in BackupPC View.pm

Arbitrary Web Script Injection in BackupPC View.pm

CVE-2011-4923 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361.

Learn more about our Web App Pen Testing.