Advisory: Pydio Cells: Cross-Site Scripting via File DownloadPydio Cells implements the download of files using presigned URLs whichare generated using the Amazon AWS SDK for JavaScript [1]. The secretsused to sign these URLs are hardcoded and exposed through the JavaScriptfiles of the web application. Therefore, it is possible to generatevalid signatures for arbitrary download URLs.