Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hubshare
(M\-Files)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-07-29 | CVE-2024-6124 | Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session | Hubshare | 5.4 | ||
| 2024-07-29 | CVE-2024-6881 | Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session | Hubshare | 5.4 | ||
| 2022-10-31 | CVE-2022-39016 | Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. | Hubshare | 8.8 | ||
| 2022-10-31 | CVE-2022-39017 | Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. | Hubshare | 5.4 | ||
| 2022-10-31 | CVE-2022-39018 | Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | Hubshare | 7.5 | ||
| 2022-10-31 | CVE-2022-39019 | Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | Hubshare | 7.5 |