Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pydio 权限许可和访问控制问题漏洞
Vulnerability Description
Pydio(AjaXplorer)是一款基于Web的远程文件管理器。该管理器支持上传和下载文件、在线文件编辑、图片预览等。 Pydio 8.2.2及之前版本中存在安全漏洞。攻击者可利用该漏洞获取敏感信息(例如会话标识符)并以用户权限执行操作。
CVSS Information
N/A
Vulnerability Type
N/A