Stored XSS Vulnerability in Pydio Web Application by Pydio
CVE-2019-10047

5.4 MEDIUM

Key Information:

Vendor: Pydio

Status
Vendor
CVE Published: 31 May 2019

What is CVE-2019-10047?

A stored XSS vulnerability exists in the Pydio web application, specifically in versions up to 8.2.2. This issue can be exploited through the application's file upload and preview functionalities. An attacker with valid credentials can upload an HTML file containing malicious JavaScript code. If this file is shared with another authenticated user, they may inadvertently trigger the execution of the JavaScript by accessing the file preview URL. This occurs when the web browser interprets the uploaded HTML, executing the JavaScript code in the context of the victim's session, potentially leading to unauthorized actions or data exposure.

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
