CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9174 – Stored HTML Injection in Hubshare social module
https://notcve.org/view.php?id=CVE-2024-9174
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI • https://product.m-files.com/security-advisories/cve-2024-9174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6124 – Reflected XSS in Hubshare via Open Redirect
https://notcve.org/view.php?id=CVE-2024-6124
Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-6124 https://product.m-files.com/security-advisories/cve-2024-6124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6881 – Stored XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-6881
Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-6881 https://product.m-files.com/security-advisories/cve-2024-6881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5142 – XSS in Hubshare's social module
https://notcve.org/view.php?id=CVE-2024-5142
Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.3.8 allows authenticated attacker to run scripts in other users browser Vulnerabilidad de Cross-Site Scripting almacenadas en Social Module in M-Files Hubshare anterior a la versión 5.0.3.8 permite a un atacante autenticado ejecutar scripts en el navegador de otros usuarios Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users browser • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-5142 https://product.m-files.com/security-advisories/cve-2024-5142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •