Alfresco » Alfresco » 6.1 community : Security Vulnerabilities, CVEs,
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
Max CVSS
5.4
EPSS Score
0.27%
Published
2020-03-02
Updated
2022-05-24
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
Max CVSS
5.4
EPSS Score
0.27%
Published
2020-03-02
Updated
2022-05-24
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
Max CVSS
5.4
EPSS Score
0.27%
Published
2020-03-02
Updated
2022-05-24
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).
Max CVSS
6.1
EPSS Score
0.21%
Published
2019-09-06
Updated
2020-07-23
4 vulnerabilities found