CVE-2024-27794

Published: Apr 15, 2024Modified: Dec 11, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page.

Affected (1)

Products: Claris: Filemaker Server

1 product

Filemaker Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Claris Filemaker Server	Before 20.3.2

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.claris.com/s/article/Security-Vulnerability-in-Claris-FileMaker-Server?language=en_US

Source: product-security@apple.com

Vendor Advisory

https://support.claris.com/s/article/Security-Vulnerability-in-Claris-FileMaker-Server?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.