Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page.
History

Wed, 11 Dec 2024 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Claris; Claris filemaker Server |
| CPEs | | `cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Claris; Claris filemaker Server |
| Metrics | cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}` | cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}` |


MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-04-15T22:16:30.367Z

Updated: 2024-08-02T00:41:55.211Z

Reserved: 2024-02-26T15:32:28.515Z

Link: CVE-2024-27794

Vulnrichment

Updated: 2024-08-02T00:41:55.211Z

NVD

Status: Analyzed

Published: 2024-04-15T23:15:06.890

Modified: 2024-12-11T19:56:37.067

Link: CVE-2024-27794

Redhat

No data.