CVE-2022-4862 MEDIUM

CVE-2022-4862: XSS vulnerability in M-Files Web

Vendor M-Files
Product M-Files New Web
Weakness CWE-200 · Info exposure
Published March 6, 2023
Last update February 23, 2026

CVSS base score

5.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.

Key dates

02Disclosure timeline

March 6, 2023 CVE published
February 23, 2026 Record updated