Headline
CVE-2022-39017: XSS in all comments fields in M-Files Hubshare
Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.
Discovered by Michael Newton on behalf of The Missing Link Security
Vulnerability Details
XSS in all comments fields in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via crafted comments.
Affected Versions
Discovered in: 3.3.1.6
Fixed Versions
Fixed in: 3.3.10.9