Vulnerabilities > M Files > Hubshare > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-31 CVE-2022-39016 Injection vulnerability in M-Files Hubshare
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload.
network
low complexity
m-files CWE-74
8.8
8.8
2022-10-31 CVE-2022-39018 Improper Authentication vulnerability in M-Files Hubshare 3.3.10.9
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.
network
low complexity
m-files CWE-287
7.5
7.5
2022-10-31 CVE-2022-39019 Unspecified vulnerability in M-Files Hubshare 3.3.10.9
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.
network
low complexity
m-files
7.5
7.5