Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page.
References
Configurations
No configuration.
History
21 Nov 2024, 09:05
Type | Values Removed | Values Added |
---|---|---|
References | | https://support.claris.com/s/article/Security-Vulnerability-in-Claris-FileMaker-Server?language=en_US |
03 Jul 2024, 01:50
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 4.3 |
CWE | | CWE-79 |
16 Apr 2024, 13:24
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
15 Apr 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2024-04-15 23:15
Updated : 2024-11-21 09:05
NVD link : CVE-2024-27794
Mitre link : CVE-2024-27794
CVE.ORG link : CVE-2024-27794
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')