Vulnerabilities > Pydio > Cells > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-08 | CVE-2023-32750 | Server-Side Request Forgery (SSRF) vulnerability in Pydio Cells Pydio Cells through 4.1.2 allows SSRF. | 6.5 |
| 2023-06-08 | CVE-2023-32751 | Cross-site Scripting vulnerability in Pydio Cells Pydio Cells through 4.1.2 allows XSS. | 5.4 |
| 2021-09-30 | CVE-2021-41324 | Path Traversal vulnerability in Pydio Cells 2.2.9 Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete). | 6.5 |
| 2021-09-30 | CVE-2021-41323 | Path Traversal vulnerability in Pydio Cells 2.2.9 Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. | 6.5 |
| 2021-09-30 | CVE-2021-41325 | Unspecified vulnerability in Pydio Cells 2.2.9 Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. | 6.5 |
| 2020-06-05 | CVE-2020-12849 | Cross-site Scripting vulnerability in Pydio Cells 2.0.4 Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. | 5.4 |
| 2020-06-05 | CVE-2020-12848 | Improper Authentication vulnerability in Pydio Cells 2.0.4 In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. | 5.4 |
| 2020-06-04 | CVE-2020-12853 | Cross-site Scripting vulnerability in Pydio Cells 2.0.4 Pydio Cells 2.0.4 allows XSS. | 6.1 |
| 2020-06-04 | CVE-2020-12852 | Improper Input Validation vulnerability in Pydio Cells 2.0.4 The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. | 6.8 |
| 2019-06-20 | CVE-2019-12903 | Information Exposure Through an Error Message vulnerability in Pydio Cells Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information. | 4.3 |