Skip to main content

M Files Web

3 CVEs product

Monthly

CVE-2025-3087 MEDIUM This Month

Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS M Files Web
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2021-37253 HIGH POC This Week

M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Denial Of Service M Files Web
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-37254 HIGH This Week

In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Files Web
NVD
CVSS 3.1
7.5
EPSS
1.3%
EPSS 0% CVSS 5.1
MEDIUM This Month

Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS M Files Web
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Denial Of Service M Files Web
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Files Web
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy