CVE-2024-6881: Stored XSS Vulnerability
DESCRIPTION
Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user’s browser session
AFFECTED PRODUCTS
M-Files Hubshare before 5.0.6.0
MORE INFORMATION
To exploit the vulnerability, the attacker would need to be authenticated. Also some user interaction is required and to achieve measurable effects, the victim user would need to have higher privileges than the attacker.
CVSS 4.0 CVSS-B Score: 8.5
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/RE:M/U:Clear
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)
CAPEC: CAPEC-592 Stored XSS
Internal ID: 170711
Date issued: 2024-07-29
Credits: Markus Tirrenberg / WithSecure, Emma Kantanen / WithSecure
EXPLOITABILITY
Publicly disclosed: No
Exploited: No
Probability of exploitation: low – responsibly reported
LINKS
https://www.cve.org/CVERecord?id=CVE-2024-6881
HISTORY
2024-07-29 Published