Vulnerabilities > M Files > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-08-27 | CVE-2024-6789 | Path Traversal vulnerability in M-Files Server | A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files | 6.5 |
2024-07-29 | CVE-2024-6124 | Cross-site Scripting vulnerability in M-Files Hubshare 3.3.10.9/3.3.11.3 | Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session | 5.4 |
2024-07-29 | CVE-2024-6881 | Cross-site Scripting vulnerability in M-Files Hubshare 3.3.10.9/3.3.11.3 | Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session | 5.4 |
2023-12-20 | CVE-2023-6910 | Unspecified vulnerability in M-Files Server | A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. | 6.5 |
2023-11-22 | CVE-2023-6189 | Unspecified vulnerability in M-Files Server | Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods. | 5.3 |
2023-10-20 | CVE-2023-2325 | Cross-site Scripting vulnerability in M-Files Classic web 23.2/23.6.12695.3/23.8 | Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows attacker to execute script on user's browser via stored HTML document. | 5.4 |
2023-08-25 | CVE-2023-3406 | Path Traversal vulnerability in M-Files Classic web 23.2 | Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server | 6.5 |
2023-08-25 | CVE-2023-3425 | Out-of-bounds Read vulnerability in M-Files Classic web 23.2 | Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory. | 5.3 |
2023-04-05 | CVE-2023-0382 | Resource Exhaustion vulnerability in M-Files Server | User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. | 6.5 |
2022-12-30 | CVE-2022-4861 | Improper Authentication vulnerability in M-Files Client | Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users' tokens to another resource. | 4.9 |