Vulnerability Details CVE-2025-46320
A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.2%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2025-46320
-
cpe:2.3:a:claris:filemaker_server:-
-
cpe:2.3:a:claris:filemaker_server:19.1.2
-
cpe:2.3:a:claris:filemaker_server:19.2.1
-
cpe:2.3:a:claris:filemaker_server:19.3.1
-
cpe:2.3:a:claris:filemaker_server:19.3.2
-
cpe:2.3:a:claris:filemaker_server:19.4.1
-
cpe:2.3:a:claris:filemaker_server:20.1.1
-
cpe:2.3:a:claris:filemaker_server:20.1.2
-
cpe:2.3:a:claris:filemaker_server:20.2.1
-
cpe:2.3:a:claris:filemaker_server:20.3.1
-
cpe:2.3:a:claris:filemaker_server:20.3.2
-
cpe:2.3:a:claris:filemaker_server:21.0.1
-
cpe:2.3:a:claris:filemaker_server:21.0.2
-
cpe:2.3:a:claris:filemaker_server:21.1.1
-
cpe:2.3:a:claris:filemaker_server:21.1.3
-
cpe:2.3:a:claris:filemaker_server:21.1.4
-
cpe:2.3:a:claris:filemaker_server:21.1.5
-
cpe:2.3:a:claris:filemaker_server:21.1.6
-
cpe:2.3:a:claris:filemaker_server:22.0.1
-
cpe:2.3:a:claris:filemaker_server:22.0.2