
CVE-2024-9174 – Stored HTML Injection in Hubshare social module
https://notcve.org/view.php?id=CVE-2024-9174
02 Oct 2024 — Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows an authenticated user to spoof the UI. • https://product.m-files.com/security-advisories/cve-2024-9174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-6124 – Reflected XSS in Hubshare via Open Redirect
https://notcve.org/view.php?id=CVE-2024-6124
29 Jul 2024 — Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-6124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-6881 – Stored XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-6881
29 Jul 2024 — Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in a user's browser session. • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-6881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-5142 – XSS in Hubshare's social module
https://notcve.org/view.php?id=CVE-2024-5142
24 May 2024 — Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.3.8 allows an authenticated attacker to run scripts in other users' browsers. Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run ... • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-5142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-39018 – Broken access controls on PDFtron data in M-Files Hubshare
https://notcve.org/view.php?id=CVE-2022-39018
31 Oct 2022 — Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allow unauthenticated attackers to access restricted PDF files via a known URL. • https://www.themissinglink.com.au/security-advisories/cve-2022-39018 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-287: Improper Authentication • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2022-39019 – Broken access controls on PDFtron WebviewerUI in M-Files Hubshare
https://notcve.org/view.php?id=CVE-2022-39019
31 Oct 2022 — Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allow unauthenticated attackers to upload malicious files to the application server. • https://www.themissinglink.com.au/security-advisories/cve-2022-39019 • CWE-287: Improper Authentication • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2022-39017 – XSS in all comments fields in M-Files Hubshare
https://notcve.org/view.php?id=CVE-2022-39017
31 Oct 2022 — Improper input validation and output encoding in all comments fields in M-Files Hubshare before 3.3.10.9 allow authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. • https://www.themissinglink.com.au/security-advisories/cve-2022-39017 • CWE-20: Improper Input Validation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-39016 – JavaScript injection in PDFtron in M-Files Hubshare
https://notcve.org/view.php?id=CVE-2022-39016
31 Oct 2022 — JavaScript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. • https://www.themissinglink.com.au/security-advisories/cve-2022-39016 • CWE-20: Improper Input Validation • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')