Every CVE whose affected-product data names M-files Hubshare, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2022-39016 — CVSS 8.2 (high): Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a…
CVE-2022-39017 — CVSS 8.2 (high): Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to…
CVE-2022-39018 — CVSS 8.2 (high): Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files…
CVE-2022-39019 — CVSS 6.3 (medium): Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious…
CVE-2024-5142 — CVSS 5.4 (medium): Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run…
CVE-2024-6124 — CVSS 5.4 (medium): Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the…
CVE-2024-6881 — CVSS 5.4 (medium): Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser…
CVE-2024-9174 — CVSS 5.4 (medium): Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI
CVE-2025-9826 — CVSS 5.4 (medium): Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution…