CVE-2023-2325: Stored XSS Vulnerability in M-Files Classic Web

DESCRIPTION:

A stored XSS vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script in a user's browser via a stored HTML document.

AFFECTED PRODUCTS:

M-Files Server before 23.10

M-Files Server before 23.2 LTS SR4 (this service release is not affected)

M-Files Server before 23.8 LTS SR1 (this service release is not affected)

MORE INFORMATION:

Exploiting this vulnerability requires access to an M-Files Vault to store a malicious HTML file, and then requires getting a user to open that file through a specifically provided link, e.g. by sending the link to the document by email. Opening the file normally from the Vault in M-Files Web would not trigger the vulnerability.

CVSS 3.1 Base Score: 7.3

CVSS 3.1 Temporal Score: 6.6

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:R

CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC: CAPEC-592 Stored XSS

Internal ID: 167253

Date issued: 2023-10-19

Credits: (Finders) Thomas Riedmaier / Siemens Energy, Abian Blome / Siemens Energy

EXPLOITABILITY:

Publicly disclosed: No - responsibly reported

Exploited: No

Probability of exploitation: low - responsibly reported

LINKS:

https://www.cve.org/CVERecord?id=CVE-2023-2325

HISTORY:

2023-10-20 Published