Vulnerabilities > Claris > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-14 | CVE-2023-42955 | Insufficiently Protected Credentials vulnerability in Claris Filemaker Server Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. | 4.9 |
| 2024-04-15 | CVE-2024-27794 | Cross-site Scripting vulnerability in Claris Filemaker Server Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. | 6.1 |
| 2024-03-21 | CVE-2023-42954 | Unspecified vulnerability in Claris PRO and Filemaker Server A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. | 4.9 |
| 2021-11-22 | CVE-2021-44147 | XXE vulnerability in Claris Filemaker PRO and Filemaker Server An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks. | 5.5 |