CVE-2019-10049

HIGH Year: 2019
CVSS v3 Score
7.3
High
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her).

Related Vulnerabilities

CVE-2019-17331

HIGH
CVSS:7.3(High)

The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS)...

CWE-792019

CVE-2019-17332

HIGH
CVSS:7.3(High)

The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripti...

CWE-792019

CVE-2019-17338

HIGH
CVSS:7.3(High)

The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting ...

CWE-792019

CVE-2020-15154

HIGH
CVSS:7.3(High)

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields...

CWE-792020

CVE-2020-15155

HIGH
CVSS:7.3(High)

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The...

CWE-792020

CVE-2020-25163

HIGH
CVSS:7.3(High)

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, o...

CWE-792020