4 matches found
CVE-2020-12849
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user...
Pydio Cells Cross-Site Scripting (CVE-2020-12849; CVE-2020-12853)
A cross site scripting vulnerability exists in Pydio Cells. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
CVE-2020-12849
CVE-2020-12849 affects Pydio Cells 2.0.4. The vulnerability is a Stored Cross-Site Scripting (XSS) in profile pictures: any user can upload a profile image (including SVGs with embedded JavaScript) that can be accessed via a direct URL by any user (authenticated or not). Exploitation can trigger ...
: Pydio Cells 2.04 Multiple Vulnerabilities
1. Advisory Information Title : Pydio Cells 2.04 Multiple Vulnerabilities Advisory ID : CORE-2020-0007 Advisory URL : https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities Date published : 2020-05-28 Date of last update : 2020-05-28 Vendors contacted : Pydio...