PT-2023-18881 · M Files · M-Files Classic Web

Abian Blome

Publicado

2023-10-19

Atualizado

2024-08-28

CVE-2023-2325

CVSS v3.1

7.3

Alta

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions M-Files Classic Web versions before 23.10 M-Files Classic Web LTS Service Release Versions before 23.2 LTS SR4 M-Files Classic Web LTS Service Release Versions before 23.8 LTS SR1

Description The issue allows an attacker to execute a script on a user's browser via a stored HTML document. This is a Stored XSS vulnerability.

Recommendations For M-Files Classic Web versions before 23.10, update to version 23.10 or later. For M-Files Classic Web LTS Service Release Versions before 23.2 LTS SR4, update to 23.2 LTS SR4 or later. For M-Files Classic Web LTS Service Release Versions before 23.8 LTS SR1, update to 23.8 LTS SR1 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-2325

Produtos afetados

M-Files Classic Web

PT-2023-18881 · M Files · M-Files Classic Web

CVE-2023-2325

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7