CVE-2024-27794

EPSS 0.68%
Veröffentlicht 15.04.2024 23:15:06
Zuletzt bearbeitet 11.12.2024 19:56:37
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Claris ≫ Filemaker Server Version < 20.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.68%	0.708

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://support.claris.com/s/article/Security-Vulnerability-in-Claris-FileMaker-Server?language=en_US

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-27794

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27794

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27794

EUVD