CVE-2024-5142: XSS Vulnerability in Hubshare

DESCRIPTION

Stored Cross-Site Scripting vulnerability in the Social Module in M-Files Hubshare before version 5.0.6.0 allows an authenticated attacker to run scripts in other users' browsers.

AFFECTED PRODUCTS

M-Files Hubshare before 5.0.6.0

MORE INFORMATION

Stored XSS was usable in Hubshare’s social module. The vulnerability required the attacker to authenticate to Hubshare and was not usable anonymously.

CVSS 4.0 Base Score: 7.0
CVSS 4.0 Base+Threat Score: 4.7

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CAPEC: CAPEC-592: Stored XSS

Internal ID: –
Date issued: 2024-05-24

Credits: Wesley R @ Resillion

EXPLOITABILITY

Publicly disclosed: No
Exploited: No
Probability of exploitation: low – responsibly reported

LINKS

https://www.cve.org/CVERecord?id=CVE-2024-5142

HISTORY

2024-05-24 Published
2024-07-29 “Fixed version” number updated.
2024-08-30 “More information” section in this advisory corrected; the text was incorrect.