{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"M-Files Server","vendor":"M-Files Corporation","versions":[{"lessThan":"22.2.11051.0","status":"affected","version":"M-Files Server","versionType":"custom"}]}],"datePublic":"2022-03-15T22:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable</p>"}],"value":"Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.2,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Cross-site Scripting (XSS)","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"bcf7a16e-bfdc-46e4-9e42-4187da3f4410","shortName":"M-Files Corporation","dateUpdated":"2026-02-23T11:09:14.739Z"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"},{"tags":["vendor-advisory"],"url":"https://product.m-files.com/security-advisories/cve-2021-41810/"},{"tags":["vendor-advisory"],"url":"https://empower.m-files.com/security-advisories/CVE-2021-41810"}],"source":{"discovery":"INTERNAL"},"title":"Script injection in M-Files Admin","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@m-files.com","DATE_PUBLIC":"2022-03-16T12:00:00.000Z","ID":"CVE-2021-41810","STATE":"PUBLIC","TITLE":"Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"M-Files Server","version":{"version_data":[{"version_affected":"<","version_name":"M-Files Server","version_value":"22.2.11051.0"}]}}]},"vendor_name":"M-Files Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable"}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.2,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross-site Scripting (XSS)"}]}]},"references":{"reference_data":[{"name":"https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/","refsource":"MISC","url":"https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"}]},"source":{"discovery":"INTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T03:22:24.315Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"}]}]},"cveMetadata":{"assignerOrgId":"bcf7a16e-bfdc-46e4-9e42-4187da3f4410","assignerShortName":"M-Files Corporation","cveId":"CVE-2021-41810","datePublished":"2022-05-02T19:06:11.675Z","dateReserved":"2021-09-29T00:00:00.000Z","dateUpdated":"2026-02-23T11:09:14.739Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"}