CVE-2024-6124 HIGH

CVE-2024-6124: Reflected XSS in Hubshare via Open Redirect

Vendor M-Files Corporation
Product Hubshare
Weakness CWE-79 · XSS
Published July 29, 2024
Last update February 23, 2026

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/RE:M/U:Clear

What the vulnerability does

01Description

Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session

Key dates

02Disclosure timeline

July 29, 2024 CVE published
February 23, 2026 Record updated