Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39016 | 1 M-files | 1 Hubshare | 2022-11-01 | N/A | 8.8 HIGH |
| Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. | |||||
| CVE-2022-39017 | 1 M-files | 1 Hubshare | 2022-11-01 | N/A | 5.4 MEDIUM |
| Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. | |||||
| CVE-2022-39018 | 1 M-files | 1 Hubshare | 2022-11-01 | N/A | 7.5 HIGH |
| Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | |||||
| CVE-2022-39019 | 1 M-files | 1 Hubshare | 2022-11-01 | N/A | 7.5 HIGH |
| Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | |||||