History: Mar 06, 2023 - 11:15 a.m.

CVE-2022-4862

2023-03-06 11:15:10
CWE-200
CWE-79
M-Files Corporation
web.nvd.nist.gov
30
cve-2022-4862
information security
html rendering
user authentication
data theft
nvd

CVSS3: 7.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

AI Score: 5.9
Confidence: High

EPSS: 0.001
Percentile: 29.2%

M-Files Web before 22.12.12140.3 renders HTML provided by another authenticated user in the browser. This allows the rendered content to steal the user's sensitive information.

This issue affects M-Files New Web: before 22.12.12140.3.

Affected configurations

Nvd

Node: m-files | m-files_server | Range <22.12.12140.3

Vendor | Product | Version | CPE
m-files | m-files_server | * | cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "M-Files New Web",
    "vendor": "M-Files",
    "versions": [
      {
        "lessThan": "22.12.12140.3",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
