CVE-2024-6124: Reflected XSS in Hubshare via Open Redirect
DESCRIPTION
Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session
AFFECTED PRODUCTS
M-Files Hubshare before 5.0.6.0
MORE INFORMATION
Certain input values could be used to cause M-Files Server to consume This vulnerability requires user interaction to be exploitable and the impact depends on the user’s access level.
CVSS 4.0 CVSS-B Score: 8.5
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/RE:M/U:Clear
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)
CAPEC: CAPEC-591 Reflected XSS
Internal ID: 170713
Date issued: 2024-05-24
Credits: Markus Tirrenberg / WithSecure, Emma Kantanen / WithSecure
EXPLOITABILITY
Publicly disclosed: No
Exploited: No
Probability of exploitation: low – responsibly reported
LINKS
https://www.cve.org/CVERecord?id=CVE-2024-5142
HISTORY
2024-07-29 Published