The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2017-4075 Related Report None Severity MEDIUM Exploit Difficulty NORMAL Platform Affects all platforms supported by the vulnerable versions. Description Permissions escalation. Using a crafted image file, a user can view thumbnails of any image file hosted on the server. Does not affect Lite versions.
Discovered September 19, 2017 Resolved September 24, 2017 Patches Available 4.0.19 Patch Level 2
4.0.18 Patch Level 3
4.0.17 Patch Level 5
4.0.16 Patch Level 6
4.0.15 Patch Level 10
Workaround It is not possible to workaround this issue.
Categories: XSS:4.0.0 XSS:4.0.0 Alpha 1 XSS:4.0.0 Alpha 2 XSS:4.0.0 Alpha 3 XSS:4.0.0 Alpha 4 XSS:4.0.0 Alpha 5 XSS:4.0.0 Alpha 6 XSS:4.0.0 Alpha 7 XSS:4.0.0 Beta 1 XSS:4.0.0 Beta 2 XSS:4.0.0 Beta 3 XSS:4.0.0 Beta 4 XSS:4.0.0 Beta 5 XSS:4.0.0 Beta 6 XSS:4.0.0 Beta 7 XSS:4.0.0 Gamma 1 XSS:4.0.0 Gamma 2 XSS:4.0.0 Gamma 3 XSS:4.0.0 Gamma 4 XSS:4.0.0 Gamma 5 XSS:4.0.0 Gamma 6 XSS:4.0.0 Gamma 7 XSS:4.0.0 Patch Level 1 XSS:4.0.0 Patch Level 2 XSS:4.0.0 Patch Level 3 More…