Cross-Site Scripting Vulnerability in Pydio by Pydio SA
CVE-2019-10049

7.3HIGH

Key Information:

Vendor: Pydio
Status: Pydio
Vendor: CVE Published:; 31 May 2019

What is CVE-2019-10049?

A Cross-Site Scripting vulnerability exists in Pydio version 8.2.2 that enables an attacker with regular user access to deceive an administrator into clicking a crafted link. This link can trigger the execution of malicious JavaScript code within the context of the administrator's session. Consequently, this can lead to unauthorized disclosure of sensitive information such as session identifiers, allowing the attacker to perform actions on behalf of the administrator.

References

https://www.secureauth.com/labs/advisories

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2019
Vulnerability Reserved
Mar 25, 2019

CVE-2019-10049 Data

JSON