CVE-2024-6124: Reflected XSS in Hubshare via Open Redirect

DESCRIPTION

Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session

AFFECTED PRODUCTS

M-Files Hubshare before 5.0.6.0

MORE INFORMATION

Certain input values could be used to cause M-Files Server to consume This vulnerability requires user interaction to be exploitable and the impact depends on the user’s access level.

CVSS 4.0 CVSS-B Score: 8.5

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/RE:M/U:Clear

CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)

CAPEC: CAPEC-591 Reflected XSS

Internal ID: 170713

Date issued: 2024-05-24
Credits: Markus Tirrenberg / WithSecure, Emma Kantanen / WithSecure

EXPLOITABILITY

Publicly disclosed: No
Exploited: No
Probability of exploitation: low – responsibly reported

LINKS

https://www.cve.org/CVERecord?id=CVE-2024-5142

HISTORY

2024-07-29 Published