VYPR

M-Files Web

by M Files Corporation

CVEs (10)

  • CVE-2023-4479 (Mar 4, 2024)
    risk 0.00 cvss epss 0.00

    Stored XSS vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script in a user's browser via a stored HTML document within a limited time period.

  • CVE-2023-2325 (Oct 20, 2023)
    risk 0.00 cvss epss 0.00

    Stored XSS vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script in a user's browser via a stored HTML document.

  • CVE-2023-3406 (Aug 25, 2023)
    risk 0.00 cvss epss 0.01

    Path traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows an authenticated user to read some restricted files on the web server.

  • CVE-2023-0213 (Mar 29, 2023)
    risk 0.00 cvss epss 0.00

    Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows a user to gain SYSTEM privileges via DLL hijacking.

  • CVE-2022-4862 (Mar 6, 2023)
    risk 0.00 cvss epss 0.00

    Rendering of HTML provided by another authenticated user is possible in the browser on M-Files Web before 22.12.12140.3. This allows the content to steal sensitive user information. This issue affects M-Files New Web: before 22.12.12140.3.

  • CVE-2022-3284 (Mar 6, 2023)
    risk 0.00 cvss epss 0.01

    Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.

  • CVE-2022-4264 (Dec 9, 2022)
    risk 0.00 cvss epss 0.01

    Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows a low-privilege user to change some configuration.

  • CVE-2022-4270 (Dec 2, 2022)
    risk 0.00 cvss epss 0.01

    Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.

  • CVE-2021-41807 (Jan 18, 2022)
    risk 0.00 cvss epss 0.01

    Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 for certain types of user accounts allows an unlimited number of attempts and therefore makes brute-forcing login accounts easier.

  • CVE-2021-37253 (Dec 5, 2021)
    risk 0.00 cvss epss 0.03

    M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual…