HTML Rendering Vulnerability in M-Files Web Allows for User Information Theft

HTML Rendering Vulnerability in M-Files Web Allows for User Information Theft

CVE-2022-4862 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.

Learn more about our Web App Pen Testing.