Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page.
History
Wed, 11 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Claris, Claris filemaker Server | |
CPEs | cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:* | |
Vendors & Products | Claris, Claris filemaker Server | |
Metrics | cvssV3_1 | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: apple
Published: 2024-04-15T22:16:30.367Z
Updated: 2024-08-02T00:41:55.211Z
Reserved: 2024-02-26T15:32:28.515Z
Link: CVE-2024-27794
Vulnrichment
Updated: 2024-08-02T00:41:55.211Z
NVD
Status: Analyzed
Published: 2024-04-15T23:15:06.890
Modified: 2024-12-11T19:56:37.067
Link: CVE-2024-27794
Redhat
No data.