CVE-2024-5142 XSS Vulnerability in Hubshare

2024-04-26

Description

A stored Cross-Site Scripting vulnerability in the Social Module in M-Files Hubshare before version 5.0.6.0 allows an authenticated attacker to run scripts in other users' browsers.

Affected products

M-Files Hubshare before 5.0.6.0

More information

Stored XSS was usable in Hubshare’s social module. The vulnerability requires the attacker to authenticate to Hubshare and was not usable anonymously.

CVSS 4.0 Base Score: 7.0
CVSS 4.0 Base+Threat Score: 4.7
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CAPEC: CAPEC-592: Stored XSS
Internal ID: –
Date issued: 2024-05-24
Credits: Wesley R @ Resillion

Exploitability

Publicly disclosed: No
Exploited: No
Probability of exploitation: low – responsibly reported

History

2024-05-24 Published
2024-07-29 “Fixed version” number updated.
2024-08-30 “More information section” in this advisory corrected, the text was incorrect.