2021-01-05 21:02:18
mitre
PUBLISHED
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a users last name to an XSS Payload, and read another users cookie and use that to login to the application.