From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability ID: CVE-2023-4479 2. Vulnerability Type: Stored XSS (Cross-Site Scripting) 3. Affected Product: M-Files Web versions prior to 23.08 4. Vulnerability Description: Within a specific time window, attackers could execute scripts via HTML documents stored in the user's browser. 5. Affected Product Versions: M-Files Web versions prior to 23.8 6. Additional Information: - Exploiting this vulnerability requires access to an M-Files Vault to store malicious HTML files, and a user must open the file via a specific link. - Typically, opening files from M-Files Web does not trigger the vulnerability. - The window of opportunity for successful exploitation is limited. 7. CVSS Score: - CVSS 3.1 Base Score: 7.3 - CVSS 3.1 Temporal Score: 6.4 - CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N 8. Vulnerability Classification: - CWE: CWE-79 (Cross-site Scripting) - CAPEC: CAPEC-592 (Stored XSS) 9. Internal ID: 167872 10. Release Date: 2023-08-22 11. Exploitability: - Public Disclosure: No - Already Exploited: No - Exploit Likelihood: Low – Responsible Disclosure 12. Links: - CVE-2023-4479 CVE Record: https://www.cve.org/CVERecord?id=CVE-2023-4479 13. History: - Published Date: 2024-03-04