
CVE-2025-3087 – Stored XSS Vulnerability in M-Files Web
https://notcve.org/view.php?id=CVE-2025-3087
04 Apr 2025 — Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts. • https://product.m-files.com/security-advisories/cve-2025-3087 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-4479 – Stored XSS Vulnerability in M-Files Web
https://notcve.org/view.php?id=CVE-2023-4479
04 Mar 2024 — Stored XSS vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script in a user's browser via a stored HTML document within a limited time period. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-41807 – Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 allows brute-forcing of certain types of user accounts.
https://notcve.org/view.php?id=CVE-2021-41807
18 Jan 2022 — Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 for certain types of user accounts allows an unlimited number of login attempts and therefore makes brute-forcing those accounts easier. • https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41807 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVE-2021-37253 – M-Files Web Denial of Service
https://notcve.org/view.php?id=CVE-2021-37253
03 Dec 2021 — ** DISPUTED ** M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application. • https://packetstorm.news/files/id/165139 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVE-2021-37254
https://notcve.org/view.php?id=CVE-2021-37254
28 Oct 2021 — In the M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to third-party component license key information on the server. • https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-37254 •