Lucene search
K
VaultizeEnterprise File Sharing

8 matches found

CVE
CVE
added 2018/04/25 6:0 p.m.54 views

CVE-2018-10213

Vaultize Enterprise File Sharing 17.05.31 is affected by a cross-site scripting (XSS) vulnerability in the invitation mail flow, where a recipient from a different user can modify HTML in the mail before sending it. This enables potential XSS payloads if trusted HTML is rendered by the recipient’...

5.4CVSS5.2AI score0.00624EPSS
CVE
CVE
added 2018/04/25 6:0 p.m.52 views

CVE-2018-10207

CVE-2018-10207 relates to Vaultize Enterprise File Sharing 17.05.31, where a flaw in the FlexPaperViewer SWF reader allows an attacker to export restricted files due to missing authorization. The underlying issue is insufficient access control on the SWF viewer, enabling page-by-page access vecto...

5.3CVSS5.2AI score0.01055EPSS
CVE
CVE
added 2018/04/25 6:0 p.m.52 views

CVE-2018-10208

CVE-2018-10208 affects Vaultize Enterprise File Sharing version 17.05.31. The vulnerability is an anonymous reflected XSS on the error page via the /share/error?message= URI. Impact described in connected documents is that arbitrary web script/HTML can be injected through that parameter. No explo...

6.1CVSS5.9AI score0.0081EPSS
CVE
CVE
added 2018/04/25 6:0 p.m.51 views

CVE-2018-10212

CVE-2018-10212 affects Vaultize Enterprise File Sharing 17.05.31, due to improper authorization that allows creation of folders in another account when a device value is modified. Multiple connected sources document this vulnerability; NVD lists CVSSv3.0 base score 5.4 (Medium). PT-2018-9759 expl...

5.5CVSS5.4AI score0.00649EPSS
CVE
CVE
added 2018/04/25 6:0 p.m.50 views

CVE-2018-10211

Vaultize Enterprise File Sharing 17.05.31 is affected by an improper authorization flaw that allows listing the history of another user by tampering the vaultize_session_id cookie. Root cause: insufficient access controls around user-history data, enabling unauthorized access without an exploited...

5.3CVSS5.3AI score0.01055EPSS
CVE
CVE
added 2018/04/25 6:0 p.m.49 views

CVE-2018-10206

CVE-2018-10206 affects Vaultize Enterprise File Sharing version 17.05.31. The issue is a Stored XSS via the optional message field of a file request, indicating the vulnerability lies in how user-supplied content is handled in that field (root cause: reflected/stored HTML/JS in the message input ...

5.4CVSS5.1AI score0.00624EPSS
CVE
CVE
added 2018/04/25 6:0 p.m.48 views

CVE-2018-10209

CVE-2018-10209 affects Vaultize Enterprise File Sharing 17.05.31, with a Stored XSS vulnerability in the file/folder download pop-up triggered by a crafted file or folder name. Connected sources (CNVD, CVE records, PRION/PT-Security entry) corroborate the issue and its presence in 17.05.31, but n...

5.4CVSS5.1AI score0.00624EPSS
CVE
CVE
added 2018/04/25 6:0 p.m.46 views

CVE-2018-10210

The CVE-2018-10210 entry concerns Vaultize Enterprise File Sharing version 17.05.31. The vulnerability is described as an inability to properly restrict the password-reset feature, allowing enumeration of users. Affected component: password-reset workflow that leaks user identifiers; root cause n...

5.3CVSS5.3AI score0.01055EPSS