CVE-2018-1999016

Name of the Vulnerable Software and Affected Versions Pydio versions 8.2.0 and earlier

Description The issue is related to a Cross Site Scripting (XSS) vulnerability that can be exploited by an unauthenticated remote attacker. This can result in the manipulation of the web client via XSS code injection when a victim opens a specially crafted URL. The vulnerability is located in specific files, including ./core/vendor/meenie/javascript-packer/example-inline.php and ./core/vendor/dapphp/securimage/examples/test.mysql.static.php.

Recommendations For Pydio versions 8.2.0 and earlier, update to version 8.2.1 to resolve the issue.