CVE-2025-46320 | THREATINT

Description

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.

PUBLISHED Reserved 2025-04-22 | Published 2026-02-24 | Updated 2026-02-24 | Assigner apple

Problem types

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution.

Product status

Any version before 22.0.4

affected

Any version before 21.1.7

affected

References

support.claris.com/...swerview?anum=000049123&language=en_US

cve.org (CVE-2025-46320)

nvd.nist.gov (CVE-2025-46320)

Download JSON