Cross Site Scripting Vulnerability in Pydio Core Software
CVE-2024-40124

Currently unrated

Key Information:

Vendor: Pydio
Status: Pydio Core
Vendor: CVE Published:; 17 April 2025

What is CVE-2024-40124?

Pydio Core versions up to 8.2.5 have a vulnerability that allows attackers to exploit the New URL Bookmark feature, leading to potential Cross Site Scripting (XSS) attacks. This vulnerability can enable unauthorized users to inject arbitrary scripts into webpages viewed by other users, potentially compromising sensitive information and website integrity. It is recommended that users upgrade to the latest version to mitigate this risk.

References

https://gist.github.com/Xib3rR4dAr/711195d5793bfbb4364dc1...

https://pydio.com/en/community/releases/pydio-core/pydio-...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Jul 5, 2024

CVE-2024-40124 Data

JSON