M Files Web

m-files_web

Vendor: M Files • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-3087 1M Files 1M Files Web Feb 23, 2026 Apr 4, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts
CVE-2021-41807 1M Files 2M Files Server M Files Web Feb 23, 2026 Jan 18, 2022 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts ea...Show more Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.Show less
CVE-2021-37253 1M Files 1M Files Web Nov 21, 2024 Dec 5, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of...Show more M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web applicationShow less
CVE-2021-37254 1M Files 1M Files Web Nov 21, 2024 Oct 28, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.