M-Files Corporation Security Vulnerabilities
Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.3.8 allows authenticated attacker to run scripts in other users...
6.1AI Score
0.0004EPSS
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing...
7.5CVSS
7.4AI Score
0.0004EPSS
Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time...
7.3CVSS
5.9AI Score
0.0004EPSS
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous...
4.3CVSS
7.2AI Score
0.0004EPSS
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing...
9.8CVSS
7.6AI Score
0.001EPSS
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve...
6.5CVSS
7.3AI Score
0.0004EPSS
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...
4.8CVSS
5.2AI Score
0.001EPSS