CVE-2022-39016

Summary

Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload.

Affected Software

VendorProductVersion RangeStatus
M-FilesHubshare3.3.1.6affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation
  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References