XSS in M-files Classic_web
CVE-2023-2325
A stored XSS vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script in a user's browser via a stored HTML document.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (34.5th percentile)
CVSS v3 metric
CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N.
Affected products
- M-files Classic_web — versions 23.2, 23.8
- M-files Web — versions 0, 23.2 LTS SR4, 23.8 LTS SR1
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2023-2325?
  - CVE-2023-2325 is a high-severity vulnerability in M-files Classic_web, classified under Cross-site Scripting. CVSS score: 7.3/10. Published 2023-10-20.
- How severe is CVE-2023-2325?
  - High severity. CVSS v3 base score is 7.3 out of 10.