CVE-2025-46320

← CVEs

MED 6.1

Published

2026-02-24

Last Modified

2026-02-25

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.

Affected Applications in Environment 2

FileMaker Server v15.0.3 (10-27-2016)

1 device

server v1.0.0.0

1 device

Affected Devices 2

EBB107-01 Windows EDUCDB1 Windows

References 1

https://support.claris.com/s/answerview?anum=000049123&language=en_US