M-Files Hubshare Reflected XSS via Open Redirect (CVE-2024-6124)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability ID: CVE-2024-6124 2. Vulnerability Name: Reflected XSS in Hubshare via Open Redirect 3. Affected Product: M-Files Hubshare before 5.0.6.0 4. Description: In M-Files Hubshare versions prior to 5.0.6.0, a reflected XSS vulnerability allows attackers to execute arbitrary JavaScript code within the victim’s browser session. 5. Additional Information: - The input value can be used to trigger consumption of M-Files Server resources. - The vulnerability requires user interaction to be exploited; the impact depends on the user’s access level. - CVSS 4.0 CVSS-B Score: 8.5 - CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/RE:M/U:Clear - CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') - CAPEC: CAPEC-591 Reflected XSS - Internal ID: 170713 - Publication Date: 2024-05-24 - Authors: Markus Tirrenberg / WithSecure, Emma Kantanen / WithSecure 6. Exploitability: - Public Disclosure: No - Exploit Available: No - Exploit Likelihood: Low – Responsible Disclosure 7. Link: https://www.cve.org/CVERecord?id=CVE-2024-5142 8. History: Published on 2024-07-29 This information provides a detailed description of the vulnerability, the affected product, severity assessment, and exploit likelihood.

Goal Reached Thanks to every supporter — we hit 100%!

M-Files Hubshare Reflected XSS via Open Redirect (CVE-2024-6124)