GCVE - cpe:2.3:a:m-files:hubshare:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:m-files:hubshare:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	M Files (`eb040204-ad59-500e-add5-a0873eedc68c`)
Product	Hubshare (`c2b010bf-f87d-556a-bdaa-1e6b5baecc88`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-9826`	vulnerable	2026-06-08 07:47:10.007789	Details available Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users. Published: 2025-09-15T10:15:15.855Z Updated: 2026-02-23T10:32:58.235Z Open on db.gcve.eu Reference links https://product.m-files.com/security-advisories/cve-2025-9826/ https://empower.m-files.com/security-advisories/CVE-2025-9826	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9174`	vulnerable	2026-06-08 07:00:26.848382	Stored HTML Injection in Hubshare social module Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI Published: 2024-10-02T05:56:28.208Z Updated: 2026-02-23T10:19:10.733Z Open on db.gcve.eu Reference links https://product.m-files.com/security-advisories/cve-2024-9174/ https://empower.m-files.com/security-advisories/CVE-2024-9174	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6881`	vulnerable	2026-06-08 06:58:20.644821	Stored XSS Vulnerability Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session Published: 2024-07-29T12:56:51.695Z Updated: 2026-02-23T10:18:02.562Z Open on db.gcve.eu Reference links https://product.m-files.com/security-advisories/cve-2024-6881/ https://empower.m-files.com/security-advisories/CVE-2024-6881	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6124`	vulnerable	2026-06-08 06:58:17.892680	Reflected XSS in Hubshare via Open Redirect Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session Published: 2024-07-29T13:00:33.825Z Updated: 2026-02-23T10:12:11.711Z Open on db.gcve.eu Reference links https://product.m-files.com/security-advisories/cve-2024-6124/ https://empower.m-files.com/security-advisories/CVE-2024-6124	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5142`	vulnerable	2026-06-08 06:56:14.978302	XSS in Hubshare's social module Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users browser Published: 2024-05-24T05:58:41.316Z Updated: 2026-02-23T10:11:26.951Z Open on db.gcve.eu Reference links https://product.m-files.com/security-advisories/cve-2024-5142/ https://empower.m-files.com/security-advisories/CVE-2024-5142	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-39019`	vulnerable	2026-06-08 05:47:17.640717	Broken access controls on PDFtron WebviewerUI in M-Files Hubshare MEDIUM (6.3) Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. Published: 2022-10-31T20:09:40.656Z Updated: 2025-05-02T19:40:06.297Z Open on db.gcve.eu Reference links https://www.themissinglink.com.au/security-advisories/cve-2022-39019	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-39018`	vulnerable	2026-06-08 05:47:17.640266	Broken access controls on PDFtron data in M-Files Hubshare HIGH (8.2) Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. Published: 2022-10-31T20:09:57.134Z Updated: 2025-05-02T17:46:24.638Z Open on db.gcve.eu Reference links https://www.themissinglink.com.au/security-advisories/cve-2022-39018	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-39017`	vulnerable	2026-06-08 05:47:17.639861	XSS in all comments fields in M-Files Hubshare HIGH (8.2) Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. Published: 2022-10-31T20:07:26.779Z Updated: 2025-05-02T19:46:52.204Z Open on db.gcve.eu Reference links https://www.themissinglink.com.au/security-advisories/cve-2022-39017	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-39016`	vulnerable	2026-06-08 05:47:17.639266	Javascript injection in PDFtron in M-Files Hubshare HIGH (8.2) Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. Published: 2022-10-31T20:06:26.219Z Updated: 2025-05-06T19:20:26.357Z Open on db.gcve.eu Reference links https://www.themissinglink.com.au/security-advisories/cve-2022-39016	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.