Vulnerabilities > Pydio > Cells > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-08 CVE-2023-32750 Server-Side Request Forgery (SSRF) vulnerability in Pydio Cells
Pydio Cells through 4.1.2 allows SSRF.
network
low complexity
pydio CWE-918
6.5
2023-06-08 CVE-2023-32751 Cross-site Scripting vulnerability in Pydio Cells
Pydio Cells through 4.1.2 allows XSS.
network
low complexity
pydio CWE-79
5.4
2021-09-30 CVE-2021-41324 Path Traversal vulnerability in Pydio Cells 2.2.9
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete).
network
low complexity
pydio CWE-22
4.0
2021-09-30 CVE-2021-41323 Path Traversal vulnerability in Pydio Cells 2.2.9
Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter.
network
low complexity
pydio CWE-22
4.0
2021-09-30 CVE-2021-41325 Unspecified vulnerability in Pydio Cells 2.2.9
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter.
network
low complexity
pydio
4.0
2020-06-11 CVE-2020-12850 Improper Privilege Management vulnerability in Pydio Cells 2.0.4
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4.
local
pydio CWE-269
6.9
2020-06-05 CVE-2020-12848 Incorrect Permission Assignment for Critical Resource vulnerability in Pydio Cells 2.0.4
In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username.
network
pydio CWE-732
5.8
2020-06-04 CVE-2020-12853 Cross-site Scripting vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 allows XSS.
network
pydio CWE-79
4.3
2020-06-04 CVE-2020-12851 Information Exposure vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application.
network
low complexity
pydio CWE-200
5.5
2020-06-04 CVE-2020-12847 Improper Input Validation vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role.
network
low complexity
pydio CWE-20
6.5