PT-2024-37924 · M Files · M-Files Hubshare

Emma Kantanen

Published

2024-07-29

Updated

2026-02-23

CVE-2024-6881

CVSS v4.0

8.5

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/RE:M/U:Clear

Name of the Vulnerable Software and Affected Versions M-Files Hubshare versions prior to 5.0.6.0

Description The issue allows an authenticated attacker to execute arbitrary JavaScript in a user's browser session. This is achieved through a stored XSS attack.

Recommendations For versions prior to 5.0.6.0, update to version 5.0.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-6881

Affected Products

M-Files Hubshare

PT-2024-37924 · M Files · M-Files Hubshare

CVE-2024-6881

Weakness Enumeration

Related Identifiers

Affected Products

References · 8