CVE-2023-2325

Published Oct 20, 2023

Last updated 3 months ago

CVSS medium 5.4

Overview

Description: Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.
Source: security@m-files.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
security@m-files.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:m-files:classic_web:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28E12800-4297-4473-B24F-9D71897DB877",
            "versionEndExcluding": "23.10"
          },
          {
            "criteria": "cpe:2.3:a:m-files:classic_web:23.2:-:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E66A68C-65E6-48E9-97DD-621B4B73D975"
          },
          {
            "criteria": "cpe:2.3:a:m-files:classic_web:23.8:-:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6C757FE-8BF2-4CFC-A0CF-4EDFB77C8D96"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References