M-Files: >> Hubshare Security Vulnerabilities
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI
CVSS Score
5.4
EPSS Score
0.002
Published
2024-10-02
Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-29
Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-29
Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users browser
CVSS Score
5.4
EPSS Score
0.007
Published
2024-05-24
Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-10-31
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-10-31
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.
CVSS Score
6.3
EPSS Score
0.001
Published
2022-10-31
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-10-31