What is CVE-2023-2981?

CVE-2023-2981 is a low-severity vulnerability in Abstrium Pydio Cells, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 3.5/10. Published 2023-05-30.

How severe is CVE-2023-2981?

Low severity. CVSS v3 base score is 3.5 out of 10.

XSS in Abstrium Pydio Cells

CVE-2023-2981

A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be i…

EPSS: 0.003 (57.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Abstrium Pydio Cells — versions 4.2.0

Weakness classification (CWE)

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

References

vuldb.com/ (vdb-entry, technical-description)
vuldb.com/ (signature, permissions-required)
pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421 (patch)
popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712… (exploit)

Frequently asked questions

What is CVE-2023-2981?: CVE-2023-2981 is a low-severity vulnerability in Abstrium Pydio Cells, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 3.5/10. Published 2023-05-30.
How severe is CVE-2023-2981?: Low severity. CVSS v3 base score is 3.5 out of 10.