CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6789 – Path traversal in M-Files API
https://notcve.org/view.php?id=CVE-2024-6789
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows authenticated user to read files Un problema de path traversal en el endpoint de API en M-Files Server anterior a la versión 24.8.13981.0 permite que un usuario autenticado lea archivos A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files • https://product.m-files.com/security-advisories/cve-2024-6789 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6124 – Reflected XSS in Hubshare via Open Redirect
https://notcve.org/view.php?id=CVE-2024-6124
Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-6124 https://product.m-files.com/security-advisories/cve-2024-6124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6881 – Stored XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-6881
Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-6881 https://product.m-files.com/security-advisories/cve-2024-6881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5142 – XSS in Hubshare's social module
https://notcve.org/view.php?id=CVE-2024-5142
Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.3.8 allows authenticated attacker to run scripts in other users browser Vulnerabilidad de Cross-Site Scripting almacenadas en Social Module in M-Files Hubshare anterior a la versión 5.0.3.8 permite a un atacante autenticado ejecutar scripts en el navegador de otros usuarios Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users browser • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-5142 https://product.m-files.com/security-advisories/cve-2024-5142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4056 – Denial of service condition in M-Files Server
https://notcve.org/view.php?id=CVE-2024-4056
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources. La condición de denegación de servicio en M-Files Server en versiones anteriores a 24.4.13592.4 y posteriores a 23.11 (excluyendo 24.2 LTS) permite a usuarios no autenticados consumir recursos informáticos. • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-4056 https://product.m-files.com/security-advisories/cve-2024-4056 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •