Primary

Context

Claris FileMaker WebDirect Cross-Site Scripting Vulnerability Allowing Remote Code Execution

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability has been identified in Claris FileMaker WebDirect custom homepages. This issue could lead to unauthorized access and remote code execution. The vulnerability affects FileMaker Server versions 21.1.6 and prior, as well as version 22.0.3 and prior.

Impact

Exploitation of this vulnerability could result in cross-site scripting, allowing an attacker to inject malicious scripts that could be executed in the context of the user's browser. This could lead to unauthorized access and remote code execution on the server.

Remediation

Users are advised to update to FileMaker Server version 22.0.4 or 21.1.7.

Added: Feb 24, 2026, 9:20 PM

Updated: Feb 24, 2026, 11:13 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

10.0

exploitability

6.4

remediation

7.7

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

10.0

exploitability

6.4

remediation

7.7

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Claris FileMaker WebDirect Cross-Site Scripting Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Claris FileMaker Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating