Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Script injection in M-Files Admin
Vulnerability Description
Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
M-Files Server 跨站脚本漏洞
Vulnerability Description
M-Files Server是M-Files公司的一个 M-Files 系统的服务器。 M-Files Server 22.2.11051.0 之前版本存在安全漏洞,该漏洞源于管理工具允许使用脚本存储配置数据,然后可以由其他库管理员运行。需要保管库管理员级别的身份验证,并且不可远程利用。
CVSS Information
N/A
Vulnerability Type
N/A