Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period.
References
| Link | Resource |
|---|---|
| https://product.m-files.com/security-advisories/cve-2023-4479/ | Vendor Advisory |
| https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479/ | Vendor Advisory |
Configurations
History
08 May 2025, 16:59
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
M-files m-files
M-files |
|
| CPE | cpe:2.3:a:m-files:m-files:*:*:*:*:*:*:*:* | |
| References | () https://product.m-files.com/security-advisories/cve-2023-4479/ - Vendor Advisory | |
| References | () https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479/ - Vendor Advisory |
Information
Published : 2024-03-04 08:15
Updated : 2025-05-08 16:59
NVD link : CVE-2023-4479
Mitre link : CVE-2023-4479
CVE.ORG link : CVE-2023-4479
JSON object : View
Products Affected
m-files
- m-files
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')