70 matches found
CVE-2018-10210
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature...
CVE-2018-10207
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format...
CVE-2018-10211
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultizesessionid" value in a cookie...
CVE-2018-10206
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...
CVE-2018-10209
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name...
CVE-2018-10210
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature...
Design/Logic Flaw
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...
CVE-2018-10207
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format...
CVE-2018-10208
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI...
CVE-2018-10206
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...
CVE-2018-10209
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name...
CVE-2018-10210
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature...
CVE-2018-10213
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it...
CVE-2018-10213
Vaultize Enterprise File Sharing 17.05.31 is affected by a cross-site scripting (XSS) vulnerability in the invitation mail flow, where a recipient from a different user can modify HTML in the mail before sending it. This enables potential XSS payloads if trusted HTML is rendered by the recipient’...
CVE-2018-10207
CVE-2018-10207 relates to Vaultize Enterprise File Sharing 17.05.31, where a flaw in the FlexPaperViewer SWF reader allows an attacker to export restricted files due to missing authorization. The underlying issue is insufficient access control on the SWF viewer, enabling page-by-page access vecto...
CVE-2018-10210
The CVE-2018-10210 entry concerns Vaultize Enterprise File Sharing version 17.05.31. The vulnerability is described as an inability to properly restrict the password-reset feature, allowing enumeration of users. Affected component: password-reset workflow that leaks user identifiers; root cause n...
CVE-2018-10212
CVE-2018-10212 affects Vaultize Enterprise File Sharing 17.05.31, due to improper authorization that allows creation of folders in another account when a device value is modified. Multiple connected sources document this vulnerability; NVD lists CVSSv3.0 base score 5.4 (Medium). PT-2018-9759 expl...
CVE-2018-10206
CVE-2018-10206 affects Vaultize Enterprise File Sharing version 17.05.31. The issue is a Stored XSS via the optional message field of a file request, indicating the vulnerability lies in how user-supplied content is handled in that field (root cause: reflected/stored HTML/JS in the message input ...
CVE-2018-10211
Vaultize Enterprise File Sharing 17.05.31 is affected by an improper authorization flaw that allows listing the history of another user by tampering the vaultize_session_id cookie. Root cause: insufficient access controls around user-history data, enabling unauthorized access without an exploited...
CVE-2018-10211
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultizesessionid" value in a cookie...