Vulnerabilities > Pydio
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-23 | CVE-2018-1999017 | Server-Side Request Forgery (SSRF) vulnerability in Pydio Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. | 4.9 |
2018-07-23 | CVE-2018-1999016 | Cross-site Scripting vulnerability in Pydio Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. | 6.1 |
2017-09-19 | CVE-2015-3432 | Cross-site Scripting vulnerability in Pydio Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities." | 6.1 |
2017-09-19 | CVE-2015-3431 | OS Command Injection vulnerability in Pydio Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | 9.8 |