XSS in M-files Classic_web

CVE-2023-2325

Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (34.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-2325?
CVE-2023-2325 is a high-severity vulnerability in M-files Classic_web, classified under Cross-site Scripting. CVSS score: 7.3/10. Published 2023-10-20.
How severe is CVE-2023-2325?
High severity. CVSS v3 base score is 7.3 out of 10.