Vulnerabilities > Pydio

DATE CVE VULNERABILITY TITLE RISK
2018-07-23 CVE-2018-1999017 Server-Side Request Forgery (SSRF) vulnerability in Pydio
Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server.
network
low complexity
pydio CWE-918
4.9
2018-07-23 CVE-2018-1999016 Cross-site Scripting vulnerability in Pydio
Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection.
network
low complexity
pydio CWE-79
6.1
2017-09-19 CVE-2015-3432 Cross-site Scripting vulnerability in Pydio
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities."
network
low complexity
pydio CWE-79
6.1
2017-09-19 CVE-2015-3431 OS Command Injection vulnerability in Pydio
Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
network
low complexity
pydio CWE-78
critical
9.8