PT-2026-21797 · Clarisa · Filemaker Server+1
Published
2026-02-24
·
Updated
2026-02-25
·
CVE-2025-46320
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
FileMaker versions prior to 22.0.4
FileMaker versions prior to 21.1.7
Description
A cross-site scripting (XSS) issue exists in FileMaker WebDirect custom homepages. Successful exploitation of this issue could allow for unauthorized access and remote code execution.
Recommendations
Update to FileMaker Server 22.0.4 or later.
Update to FileMaker Server 21.1.7 or later.
Fix
RCE
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Filemaker
Filemaker Server