Headline
CVE-2020-18327: Alfresco Alfresco : List of security vulnerabilities
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
Alfresco » Alfresco : Security Vulnerabilities (Cross Site Scripting (XSS))
CVE ID
CWE ID
# of Exploits
Vulnerability Type(s)
Publish Date
Update Date
Score
Gained Access Level
Access
Complexity
Authentication
Conf.
Integ.
Avail.
1
CVE-2020-8778
79
XSS
2020-03-02
2020-03-03
3.5
None
Remote
Medium
???
None
Partial
None
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
2
CVE-2020-8777
79
XSS
2020-03-02
2020-03-03
3.5
None
Remote
Medium
???
None
Partial
None
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
3
CVE-2020-8776
79
XSS
2020-03-02
2020-03-03
3.5
None
Remote
Medium
???
None
Partial
None
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
4
CVE-2019-19496
79
XSS
2019-12-02
2019-12-11
3.5
None
Remote
Medium
???
None
Partial
None
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.
5
CVE-2014-2939
79
XSS
2014-06-02
2014-06-03
4.3
None
Remote
Medium
Not required
None
Partial
None
Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit.
Total number of vulnerabilities : 5 Page : 1 (This Page)