Latest alfresco alfresco Vulnerabilities

CVE-2020-18327
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
Alfresco Alfresco=5.2
CVE-2020-8776
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
Alfresco Alfresco<5.2.7
Alfresco Alfresco<6.2.0
CVE-2020-8778
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
Alfresco Alfresco<5.2.7
Alfresco Alfresco<6.2.0
CVE-2020-8777
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
Alfresco Alfresco<5.2.7
Alfresco Alfresco<6.2.0
CVE-2019-19496
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.
Alfresco Alfresco<5.2.5
CVE-2019-14223
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By mani...
Alfresco Alfresco<5.2.6
Alfresco Alfresco=6.0
Alfresco Alfresco=6.1
CVE-2019-14222
Alfresco Alfresco<=6.0
CVE-2019-14224
An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achi...
Alfresco Alfresco=5.2
CVE-2019-15566
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.
Alfresco Alfresco<1.8.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203