CVE-2022-39017

Summary

Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.

Affected Software

VendorProductVersion RangeStatus
M-FilesHubshare3.3.1.6affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation
  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References