CVE-2024-6881

Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session
Configurations

Configuration 1 (hide)

cpe:2.3:a:m-files:hubshare:*:*:*:*:*:*:*:*

History

27 Aug 2024, 11:15

Type Values Removed Values Added
References
  • {'url': 'https://www.m-files.com/about/trust-center/security-advisories/cve-2024-6881/', 'tags': ['Vendor Advisory'], 'source': 'security@m-files.com'}
  • () https://product.m-files.com/security-advisories/cve-2024-6881/ -

08 Aug 2024, 20:24

Type Values Removed Values Added
References () https://www.m-files.com/about/trust-center/security-advisories/cve-2024-6881/ - () https://www.m-files.com/about/trust-center/security-advisories/cve-2024-6881/ - Vendor Advisory
CPE cpe:2.3:a:m-files:hubshare:*:*:*:*:*:*:*:*
First Time M-files hubshare
M-files
Summary
  • (es) XSS almacenado en versiones de M-Files Hubshare anteriores a 5.0.6.0 permite a un atacante autenticado ejecutar JavaScript arbitrario en la sesión del navegador del usuario
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

29 Jul 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-29 13:15

Updated : 2024-08-27 11:15


NVD link : CVE-2024-6881

Mitre link : CVE-2024-6881

CVE.ORG link : CVE-2024-6881


JSON object : View

Products Affected

m-files

  • hubshare
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')