VYPR

Filemaker Server

by Filemaker

CVEs (7)

  • CVE-2025-46320Feb 24, 2026
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.

  • CVE-2025-46296Dec 16, 2025
    risk 0.00cvss epss 0.00

    An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in…

  • CVE-2024-27790Apr 26, 2024
    risk 0.00cvss epss 0.00

    Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests.

  • CVE-2023-42955Apr 26, 2024
    risk 0.00cvss epss 0.00

    Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role…

  • CVE-2024-27794Apr 15, 2024
    risk 0.00cvss epss 0.00

    Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML…

  • CVE-2021-44147Nov 22, 2021
    risk 0.00cvss epss 0.01

    An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.

  • CVE-2007-6104Nov 23, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.