CVE-2024-6881: Stored XSS Vulnerability

DESCRIPTION

Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user’s browser session

AFFECTED PRODUCTS

M-Files Hubshare before 5.0.6.0

MORE INFORMATION

To exploit the vulnerability, the attacker would need to be authenticated. Also some user interaction is required and to achieve measurable effects, the victim user would need to have higher privileges than the attacker.

CVSS 4.0 CVSS-B Score: 8.5

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/RE:M/U:Clear

CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)

CAPEC: CAPEC-592 Stored XSS

Internal ID: 170711

Date issued: 2024-07-29

Credits: Markus Tirrenberg / WithSecure, Emma Kantanen / WithSecure

EXPLOITABILITY

Publicly disclosed: No
Exploited: No
Probability of exploitation: low – responsibly reported

LINKS

https://www.cve.org/CVERecord?id=CVE-2024-6881

HISTORY

2024-07-29 Published