CVE-2019-10049: XSS
First published: Fri May 31 2019(Updated: )
It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pydio Cells | <=8.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-10049.
What is the severity rating of CVE-2019-10049?
The severity rating of CVE-2019-10049 is high with a score of 7.3.
What is the affected software of CVE-2019-10049?
The affected software of CVE-2019-10049 is Pydio version 8.2.2.
How can an attacker exploit CVE-2019-10049?
An attacker with regular user access can trick an administrator user into opening a shared link that contains JavaScript code.
Is there a fix available for CVE-2019-10049?
Yes, please refer to the provided advisory for mitigation steps.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pydio
- canonical/pydio cells
- version/pydio cells/8.2.2