M-Files Web
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4479 | | | 0.00 | — | 0.00 | | Mar 4, 2024 | Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period. |
| CVE-2023-2325 | | | 0.00 | — | 0.00 | | Oct 20, 2023 | Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows attacker to execute script on users browser via stored HTML document. |
| CVE-2023-3406 | | | 0.00 | — | 0.01 | | Aug 25, 2023 | Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server |
| CVE-2023-0213 | | | 0.00 | — | 0.00 | | Mar 29, 2023 | Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. |
| CVE-2022-4862 | | | 0.00 | — | 0.00 | | Mar 6, 2023 | Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. |
| CVE-2022-3284 | | | 0.00 | — | 0.01 | | Mar 6, 2023 | Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. |
| CVE-2022-4264 | | | 0.00 | — | 0.01 | | Dec 9, 2022 | Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration. |
| CVE-2022-4270 | | | 0.00 | — | 0.01 | | Dec 2, 2022 | Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. |
| CVE-2021-41807 | | | 0.00 | — | 0.01 | | Jan 18, 2022 | Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier. |
| CVE-2021-37253 | | | 0.00 | — | 0.03 | | Dec 5, 2021 | M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual… |