CVE-2022-4862

CVSS V2 None CVSS V3 None
Description
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.
Overview
  • CVE ID
  • CVE-2022-4862
  • Assigner
  • security@m-files.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-06T11:15:10
  • Last Modified Date
  • 2023-03-11T02:03:21
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:* 1 OR 22.12.12140.3
References
History
Created Old Value New Value Data Type Notes
2023-04-17 05:58:33 Added to TrackCVE
2023-04-17 05:58:36 Weakness Enumeration new