PT-2023-18881 · M Files · M-Files Classic Web
Abian Blome
+1
·
Published
2023-10-19
·
Updated
2024-08-28
·
CVE-2023-2325
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
M-Files Classic Web versions before 23.10
M-Files Classic Web LTS Service Release Versions before 23.2 LTS SR4
M-Files Classic Web LTS Service Release Versions before 23.8 LTS SR1
Description
The issue allows an attacker to execute a script on a user's browser via a stored HTML document. This is a Stored XSS vulnerability.
Recommendations
For M-Files Classic Web versions before 23.10, update to version 23.10 or later.
For M-Files Classic Web LTS Service Release Versions before 23.2 LTS SR4, update to 23.2 LTS SR4 or later.
For M-Files Classic Web LTS Service Release Versions before 23.8 LTS SR1, update to 23.8 LTS SR1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
M-Files Classic Web