About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2022-4862 XSS vulnerability in M-Files Web

2023-03-06

Description

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information.

Affected products

M-Files Web before 22.12.12140.3.

More information

Rendering of HTML provided by another authenticated user under the M-Files Web allows stealing of sensitive information. This requires existing authorized access from the attacker and user interaction from the victim. CVSS 3.1 Score: 5.0 CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N CWE: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor CAPEC: CAPEC-63 Cross-Site Scripting (XSS) Internal ID: 163512

Links

On this page
Description
Affected products
More information
Links
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions