2 matches found
bumpify (>=0.0.0 <=0.5.1) potentially affected by CVE-2019-10047 via pydio (=0.4.1)
pydio PYPI version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on pydio and may be impacted: - bumpify =0.0.0, =0.5.1 Source cves: CVE-2019-10047 Source advisory: OSV:GHSA-5GHG-233H-7J79...
CVE-2019-10047
A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be use...