CVE-2023-4479 – Stored XSS Vulnerability in M-Files Web
https://notcve.org/view.php?id=CVE-2023-4479
Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479 https://product.m-files.com/security-advisories/cve-2023-4479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-0563 – Denial of service condition in M-Files Server
https://notcve.org/view.php?id=CVE-2024-0563
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users. La condición de denegación de servicio en M-Files Server en versiones anteriores a la 24.2 (excluyendo 23.2 SR7 y 23.8 SR5) permite a un usuario anónimo provocar una denegación de servicio contra otros usuarios anónimos. • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563 https://product.m-files.com/security-advisories/cve-2024-0563 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •