Vulnerabilities > Pydio > Cells > 2.2.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-08 | CVE-2023-32750 | Server-Side Request Forgery (SSRF) vulnerability in Pydio Cells Pydio Cells through 4.1.2 allows SSRF. | 6.5 |
| 2023-06-08 | CVE-2023-32751 | Cross-site Scripting vulnerability in Pydio Cells Pydio Cells through 4.1.2 allows XSS. | 5.4 |
| 2023-06-08 | CVE-2023-32749 | Incorrect Authorization vulnerability in Pydio Cells Pydio Cells allows users by default to create so-called external users in order to share files with them. | 8.8 |
| 2021-09-30 | CVE-2021-41324 | Path Traversal vulnerability in Pydio Cells 2.2.9 Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete). | 6.5 |
| 2021-09-30 | CVE-2021-41323 | Path Traversal vulnerability in Pydio Cells 2.2.9 Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. | 6.5 |
| 2021-09-30 | CVE-2021-41325 | Unspecified vulnerability in Pydio Cells 2.2.9 Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. | 6.5 |