Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.1
FileMaker WebDirect Custom Homepage Allows Attackers to Access Data Remotely
CVE-2025-46320
Summary
A security weakness in FileMaker WebDirect's custom homepage could allow hackers to access your sensitive data and potentially run malicious code on your system. This issue has been fixed in the latest versions of FileMaker Server 22 and 21.1, so update to the latest version to protect your data.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| claris | filemaker_server | <= 21.1.7 | – |
| claris | filemaker_server | > 22.0.1 , <= 22.0.4 | – |
Original title
A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileM...
Original description
A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.
nvd CVSS3.1
6.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026