8 matches found
CVE-2018-10213
Vaultize Enterprise File Sharing 17.05.31 is affected by a cross-site scripting (XSS) vulnerability in the invitation mail flow, where a recipient from a different user can modify HTML in the mail before sending it. This enables potential XSS payloads if trusted HTML is rendered by the recipient’...
CVE-2018-10207
CVE-2018-10207 relates to Vaultize Enterprise File Sharing 17.05.31, where a flaw in the FlexPaperViewer SWF reader allows an attacker to export restricted files due to missing authorization. The underlying issue is insufficient access control on the SWF viewer, enabling page-by-page access vecto...
CVE-2018-10208
CVE-2018-10208 affects Vaultize Enterprise File Sharing version 17.05.31. The vulnerability is an anonymous reflected XSS on the error page via the /share/error?message= URI. Impact described in connected documents is that arbitrary web script/HTML can be injected through that parameter. No explo...
CVE-2018-10212
CVE-2018-10212 affects Vaultize Enterprise File Sharing 17.05.31, due to improper authorization that allows creation of folders in another account when a device value is modified. Multiple connected sources document this vulnerability; NVD lists CVSSv3.0 base score 5.4 (Medium). PT-2018-9759 expl...
CVE-2018-10211
Vaultize Enterprise File Sharing 17.05.31 is affected by an improper authorization flaw that allows listing the history of another user by tampering the vaultize_session_id cookie. Root cause: insufficient access controls around user-history data, enabling unauthorized access without an exploited...
CVE-2018-10206
CVE-2018-10206 affects Vaultize Enterprise File Sharing version 17.05.31. The issue is a Stored XSS via the optional message field of a file request, indicating the vulnerability lies in how user-supplied content is handled in that field (root cause: reflected/stored HTML/JS in the message input ...
CVE-2018-10209
CVE-2018-10209 affects Vaultize Enterprise File Sharing 17.05.31, with a Stored XSS vulnerability in the file/folder download pop-up triggered by a crafted file or folder name. Connected sources (CNVD, CVE records, PRION/PT-Security entry) corroborate the issue and its presence in 17.05.31, but n...
CVE-2018-10210
The CVE-2018-10210 entry concerns Vaultize Enterprise File Sharing version 17.05.31. The vulnerability is described as an inability to properly restrict the password-reset feature, allowing enumeration of users. Affected component: password-reset workflow that leaks user identifiers; root cause n...