7.3
CVE-2023-2325
- EPSS 0.11%
- Published 20.10.2023 07:15:15
- Last modified 23.02.2026 09:16:14
- Source security@m-files.com
Stored XSS vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script in a user's browser via a stored HTML document.
Data provided by the National Vulnerability Database (NVD)
M-files ≫ Classic Web (SwEdition: -, Version: < 23.10)
M-files ≫ Classic Web (Version: 23.2, Update: -, SwEdition: lts)
M-files ≫ Classic Web (Version: 23.8, Update: -, SwEdition: lts)
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.288 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| security@m-files.com | 7.3 | 2.1 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.