Description
Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in a user’s browser session.
Affected products
M-Files Hubshare before 5.0.6.0
More information
To exploit the vulnerability, the attacker would need to be authenticated. Some user interaction is also required, and to achieve measurable effects the victim user would need to have higher privileges than the attacker.
CVSS 4.0 CVSS-B Score: 8.5
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/RE:M/U:Clear
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)
CAPEC: CAPEC-592 Stored XSS
Internal ID: 170711
Date issued: 2024-07-29
Credits: Markus Tirrenberg / WithSecure, Emma Kantanen / WithSecure
Exploitability
Publicly disclosed: No
Exploited: No
Probability of exploitation: low – responsibly reported
