CVE-2024-27794

Name of the Vulnerable Software and Affected Versions Claris FileMaker Server versions prior to 20.3.2

Description The issue is related to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. This vulnerability was resolved by escaping the HTML contents of the login error message on the login page.

Recommendations For versions prior to 20.3.2, update to version 20.3.2 to resolve the issue. As a temporary workaround, consider restricting access to the FileMaker WebDirect login endpoint until the update is applied.