First published: Mon Dec 02 2019
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Alfresco Alfresco | <5.2.5 | |
The severity of CVE-2019-19496 is medium with a CVSS score of 5.4.
CVE-2019-19496 affects Alfresco Enterprise versions up to and excluding 5.2.5.
CVE-2019-19496 is a stored cross-site scripting (XSS) vulnerability in Alfresco Enterprise that occurs when an uploaded HTML document is not properly sanitized.
To exploit CVE-2019-19496, an attacker can upload a malicious HTML document containing script code, which then executes in the browser of any unsuspecting user who views the document.
To mitigate CVE-2019-19496, upgrade Alfresco Enterprise to version 5.2.5 or later, which includes a fix for this vulnerability.