CVE-2023-2325

Stored XSS Vulnerability in M-Files Classic Web

CVSS 7.3 HIGHEPSS 0.4%CWE-79

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

20 out 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Produtos afetados

M-Files · M-Files Web

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://empower.m-files.com/security-advisories/CVE-2023-2325 https://product.m-files.com/security-advisories/cve-2023-2325/https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2325/