CVE-2020-12849: XSS
First published: Fri Jun 05 2020(Updated: )
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pydio Cells | =2.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-12849?
The severity of CVE-2020-12849 is medium with a severity value of 5.4.
How does CVE-2020-12849 affect Pydio Cells?
CVE-2020-12849 affects Pydio Cells version 2.0.4.
What is the vulnerability type of CVE-2020-12849?
CVE-2020-12849 is a vulnerability of type Cross-Site Scripting (XSS).
How can an attacker exploit CVE-2020-12849?
An attacker can exploit CVE-2020-12849 by uploading a profile image to the web application, which can be accessed by any unauthenticated or authenticated user.
Are there any references for CVE-2020-12849?
Yes, you can find references for CVE-2020-12849 at the following links: [Link 1](http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html), [Link 2](https://www.coresecurity.com/advisories), [Link 3](https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities).
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/pydio
- canonical/pydio cells
- version/pydio cells/2.0.4