About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2022-39017 Avoid any XSS script execution from comments areas (social, document comment, form comment, etc)

2022-08-20

Description

All the comments areas (document, social, form, etc) could lead in a XSS vulnerabilities. Risk level: Critical Fix: Upgrade to version 3.3.10.8 or later.

Affected products

Hubshare

More information

Issue has been fixed by using more appropriated angular native function to secure html rendering and avoid XSS leaks. ACKNOWLEDGEMENT We thank Michael Newton <mnewton@themissinglink.com.au> for responsible disclosure.

Links

On this page
Description
Affected products
More information
Links
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions