CVE-2022-4862
MEDIUM
M-Files Server < 22.12.12140.3 - Stored Cross-Site Scripting via HTML Rendering
Title source: llm
Description
Rendering of HTML provided by another authenticated user is possible in the browser on M-Files Web before 22.12.12140.3. This allows the rendered content to steal sensitive user information. This issue affects M-Files New Web before 22.12.12140.3.
References (3)
Core References
Various Sources vendor-advisory
https://product.m-files.com/security-advisories/cve-2022-4862/
Various Sources vendor-advisory
https://empower.m-files.com/security-advisories/CVE-2022-4862
Scores
CVSS v3
5.0
EPSS
0.0036
EPSS Percentile
27.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
CWE-79
Status
published
Products (1)
m-files/m-files_server
< 22.12.12140.3
Published
Mar 06, 2023
Tracked Since
Feb 18, 2026