Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1999016

Опубликовано: 23 июл. 2018
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. This attack appear to be exploitable via the victim openning a specially crafted URL. This vulnerability appears to have been fixed in version 8.2.1.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*
Версия до 8.2.0 (включая)

EPSS

Процентиль: 40%
0.00187
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

debian логотип

CVE-2018-1999016

CVSS3: 6.1
debian
больше 7 лет назад

Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) ...

github логотип

GHSA-wjmj-fqjq-3hfp

CVSS3: 6.1
github
больше 3 лет назад

Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. This attack appear to be exploitable via the victim openning a specially crafted URL. This vulnerability appears to have been fixed in version 8.2.1.

EPSS

Процентиль: 40%
0.00187
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79