Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
m-files m-files web vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4479
Stored XSS Vulnerability in M-Files Web versions prior to 23.8 allows malicious user to execute script on users browser via stored HTML document within limited time period.
7.8
CVSSv3
CVE-2023-5523
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions prior to 23.8 LTS SR1 allows Remote Code Execution
M-files Web Companion
M-files Web Companion 23.8
7.3
CVSSv3
CVE-2023-5524
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions prior to 23.8 LTS SR1 allows Remote Code Execution via specific file types
M-files Web Companion
M-files Web Companion 23.8
5.4
CVSSv3
CVE-2023-2325
Stored XSS Vulnerability in M-Files Classic Web versions prior to 23.10 and LTS Service Release Versions prior to 23.2 LTS SR4 and 23.8 LTS SR1allows malicious user to execute script on users browser via stored HTML document.
M-files Classic Web 23.2
M-files Classic Web 23.8
M-files Classic Web
6.5
CVSSv3
CVE-2023-3406
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions prior to 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server
M-files Classic Web
M-files Classic Web 23.2
5.3
CVSSv3
CVE-2023-3425
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions prior to 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.
M-files Classic Web
M-files Classic Web 23.2
7.5
CVSSv3
CVE-2022-3284
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files prior to 22.11.12011.0. This issue affects M-Files New Web: prior to 22.11.12011.0.
M-files M-files Server
7.6
CVSSv3
CVE-2022-4862
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web prior to 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: prior to 22.12.12140.3.
M-files M-files Server
4.3
CVSSv3
CVE-2022-4264
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files prior to 22.8.11691.0 allows low privilege user to change some configuration.
M-files M-files
2.6
CVSSv3
CVE-2022-4270
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions prior to 22.5.11436.1 could have changed permissions accidentally.
M-files M-files Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »