Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pydio@0.1.0rc4
Type pypi
Namespace
Name pydio
Version 0.1.0rc4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-k7uz-1s8h-6kez
vulnerability_id VCID-k7uz-1s8h-6kez
summary
PyDio Stored XSS Vulnerability
A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by leveraging the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be used to access the uploaded file. If a malicious user shares an uploaded HTML file containing JavaScript code with another user of the application, and tricks an authenticated victim into accessing a URL that results in the HTML code being interpreted by the web browser, then the included JavaScript code is executed under the context of the victim user session.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10047
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55336
published_at 2026-06-04T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.55385
published_at 2026-06-09T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55386
published_at 2026-06-07T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55397
published_at 2026-06-06T12:55:00Z
4
value 0.0032
scoring_system epss
scoring_elements 0.55392
published_at 2026-06-05T12:55:00Z
5
value 0.0032
scoring_system epss
scoring_elements 0.55366
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10047
1
reference_url https://github.com/mwiatrzyk/pydio
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mwiatrzyk/pydio
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10047
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10047
3
reference_url https://packetstormsecurity.com/files/152292/Pydio-8-Command-Execution-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packetstormsecurity.com/files/152292/Pydio-8-Command-Execution-Cross-Site-Scripting.html
4
reference_url https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities
5
reference_url https://github.com/advisories/GHSA-5ghg-233h-7j79
reference_id GHSA-5ghg-233h-7j79
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5ghg-233h-7j79
fixed_packages
aliases CVE-2019-10047, GHSA-5ghg-233h-7j79
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7uz-1s8h-6kez
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pydio@0.1.0rc4