M-files M-files_web
4 CVEs affecting M-files M-files_web. Latest disclosed: 2025-04-04. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-41807 | High | 7.5 | 2022-01-18 | Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of… |
CVE-2021-37253 | High | 7.5 | 2021-12-05 | M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is… |
CVE-2021-37254 | High | 7.5 | 2021-10-28 | In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party com… |
CVE-2025-3087 | Medium | 5.4 | 2025-04-04 | Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts |