CVE-2024-5142 HIGH

CVE-2024-5142: XSS in Hubshare's social module

Vendor M-Files Corporation

Product Hubshare

Weakness CWE-79 · XSS

Published May 24, 2024

Last update February 23, 2026

View on NVD All CVEs

CVSS base score

7.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users browser

Key dates

02Disclosure timeline

May 24, 2024 CVE published

February 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5142

Related vulnerabilities

04Related CVE

CVE-2025-57877 Reflected XSS vulnerability in Portal for ArcGIS. CVE-2023-48583 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2025-23882 WordPress WP Download Codes Plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2021-24796 My Tickets < 1.8.31 - Unauthenticated Stored Cross-Site Scripting CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc