CVE-2022-4862: XSS vulnerability in M-Files Web

DESCRIPTION:

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information.

AFFECTED PRODUCTS:

M-Files Web before 22.12.12140.3.

MORE INFORMATION:

Rendering of HTML provided by another authenticated user under the M-Files Web allows stealing of sensitive information. This requires existing authorized access from the attacker and user interaction from the victim.

CVSS 3.1 Score: 5.0

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

CWE: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CAPEC: CAPEC-63 Cross-Site Scripting (XSS)

Internal ID: 163512

Date issued: 2023-03-06

LINKS

https://www.cve.org/CVERecord?id=CVE-2022-4862