Cross Site Scripting Vulnerability in Pydio by Aglie
CVE-2018-1999016

6.1MEDIUM

Key Information:

Vendor: Pydio
Status: Pydio
Vendor: CVE Published:; 3 October 2022

What is CVE-2018-1999016?

An XSS vulnerability was identified in Pydio versions 8.2.0 and earlier, located in 'core/vendor/meenie/javascript-packer/example-inline.php' and 'core/vendor/dapphp/securimage/examples/test.mysql.static.php'. This issue allows an unauthenticated remote attacker to execute JavaScript code in the context of the user's session by enticing the victim to open a specially crafted URL. The successful exploitation of this vulnerability enables attackers to manipulate the web client and could have serious implications on user data integrity and security. The vulnerability was addressed in Pydio version 8.2.1.

References

https://www.mike-gualtieri.com/files/Pydio-8-Vulnerabilit...

x_refsource_MISC

https://pydio.com/en/community/releases/pydio-core/pydio-...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Jul 17, 2018

CVE-2018-1999016 Data

JSON