Description
Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users.
Affected products
M-Files Hubshare before Aug ’25 (25.8)
More information
Mitigation for this vulnerability is to update M-Files Hubshare to August ’25 release (25.8) or newer. Hubshare cloud customers will be updated automatically. CVSS 4.0 Base Score (CVSS-B): 7.0 CVSS 4.0 Base+Threat (CVSS-BT): 4.7 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CWE: CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CAPEC: CAPEC-592: Stored XSS Internal ID: HUB-905 Date issued: 2025-09-15 Alternate IDs: EUVD-2025-29173 Credits: Kristian von Strokirch / Certezza AB
Exploitability
Publicly disclosed: No Exploited: No Probability of exploitation: low – responsibly reported
Links
History
2025-09-15 Published 2025-10-01 Credits added
