PT-2018-9760 · Vaultize · Vaultize Enterprise File Sharing
Anthony Maia +1 · Published 2018-04-25 · Updated 2025-05-30 · CVE-2018-10213
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Vaultize Enterprise File Sharing version 17.05.31
Description:
A cross-site scripting (XSS) vulnerability exists in the invitation mail that a user receives from a different user. The sending user can modify the HTML in the mail before sending it, potentially leading to XSS attacks.
Recommendations:
For Vaultize Enterprise File Sharing version 17.05.31, consider disabling the feature that allows users to modify the HTML in invitation mails until a patch is available. Restrict access to the mail invitation feature to minimize the risk of exploitation.
Affected Products
Vaultize Enterprise File Sharing