Description
Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session.
Affected products
M-Files Hubshare before 5.0.6.0
More information
Certain input values could be used to cause M-Files Server to consume
This vulnerability requires user interaction to be exploitable and the impact depends on the user’s access level.
CVSS 4.0 CVSS-B Score: 8.5
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/RE:M/U:Clear
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)
CAPEC: CAPEC-591 Reflected XSS
Internal ID: 170713
Date issued: 2024-05-24
Credits: Markus Tirrenberg / WithSecure, Emma Kantanen / WithSecure
Exploitability
Publicly disclosed: No
Exploited: No
Probability of exploitation: low – responsibly reported
Links
History
2024-07-29 Published
