CVE-2019-10049

Name of the Vulnerable Software and Affected Versions: Pydio versions prior to 8.2.3

Description: The issue allows an attacker with regular user access to trick an administrator into opening a malicious link shared through the application, which can execute JavaScript code in the context of the victim user. This can lead to the theft of sensitive information, such as session identifiers, and allow the attacker to perform actions on behalf of the victim.

Recommendations: For versions prior to 8.2.3, update to version 8.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to share links to files that may contain JavaScript code until a patch is available. Avoid using the application's file sharing feature to open links from untrusted sources until the issue is resolved.