CVE-2023-2325: Stored XSS Vulnerability in M-Files Classic Web
A stored XSS vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script in a user's browser via a stored HTML document.
M-Files Server before 23.10
M-Files Server before 23.2 LTS SR4 (this service release is not affected)
M-Files Server before 23.8 LTS SR1 (this service release is not affected)
Exploiting this vulnerability requires access to an M-Files Vault to store malicious HTML files, and then requires getting a user to open such a file through a specifically provided link, e.g. by sending the link to the document by email. Normally, opening the file from the Vault in M-Files Web would not trigger the vulnerability.
CVSS 3.1 Base Score: 7.3
CVSS 3.1 Temporal Score: 6.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:R
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC: CAPEC-592 Stored XSS
Internal ID: 167253
Date issued: 2023-10-19
Credits: (Finders) Thomas Riedmaier / Siemens Energy, Abian Blome / Siemens Energy
Publicly disclosed: No - responsibly reported
Probability of exploitation: low - responsibly reported