Vulnerabilities > M Files > Hubshare
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-29 | CVE-2024-6124 | Cross-site Scripting vulnerability in M-Files Hubshare 3.3.10.9/3.3.11.3 Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session | 5.4 |
| 2024-07-29 | CVE-2024-6881 | Cross-site Scripting vulnerability in M-Files Hubshare 3.3.10.9/3.3.11.3 Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session | 5.4 |
| 2022-10-31 | CVE-2022-39016 | Injection vulnerability in M-Files Hubshare Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. | 8.8 |
| 2022-10-31 | CVE-2022-39017 | Cross-site Scripting vulnerability in M-Files Hubshare Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. | 5.4 |
| 2022-10-31 | CVE-2022-39018 | Improper Authentication vulnerability in M-Files Hubshare 3.3.10.9 Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | 7.5 |
| 2022-10-31 | CVE-2022-39019 | Unspecified vulnerability in M-Files Hubshare 3.3.10.9 Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | 7.5 |