Filtered by vendor Alfresco
Subscribe
Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8778 | 1 Alfresco | 1 Alfresco | 2022-05-24 | 3.5 LOW | 5.4 MEDIUM |
| Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. | |||||
| CVE-2020-8776 | 1 Alfresco | 1 Alfresco | 2022-05-24 | 3.5 LOW | 5.4 MEDIUM |
| Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. | |||||
| CVE-2020-8777 | 1 Alfresco | 1 Alfresco | 2022-05-24 | 3.5 LOW | 5.4 MEDIUM |
| Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. | |||||
| CVE-2021-41792 | 1 Alfresco | 2 Alfresco Content Services, Alfresco Transform Services | 2021-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF. | |||||
| CVE-2021-41791 | 1 Alfresco | 2 Community Share, Share | 2021-10-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on the content collaboration features). | |||||
| CVE-2019-14223 | 1 Alfresco | 1 Alfresco | 2020-07-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.). | |||||
| CVE-2019-19496 | 1 Alfresco | 1 Alfresco | 2019-12-11 | 3.5 LOW | 5.4 MEDIUM |
| Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. | |||||