CVE-2020-8776: XSS
First published: Mon Mar 02 2020(Updated: )
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alfresco Alfresco | <5.2.7 | |
| Alfresco Alfresco | <6.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity level of CVE-2020-8776?
The severity level of CVE-2020-8776 is medium.
How does CVE-2020-8776 affect Alfresco Enterprise and Community?
CVE-2020-8776 affects Alfresco Enterprise versions prior to 5.2.7 and Alfresco Community versions prior to 6.2.0.
What is the vulnerability in Alfresco Enterprise and Community?
The vulnerability in Alfresco Enterprise and Community is an XSS (cross-site scripting) vulnerability via the URL property of a file.
How can I fix CVE-2020-8776 in Alfresco Enterprise and Community?
To fix CVE-2020-8776, update Alfresco Enterprise to version 5.2.7 or later, and update Alfresco Community to version 6.2.0 or later.
Where can I find more information about CVE-2020-8776?
You can find more information about CVE-2020-8776 at the following references: [link1](http://packetstormsecurity.com/files/156599/Alfresco-5.2.4-Cross-Site-Scripting.html), [link2](https://gitlab.com/snippets/1937042), [link3](https://issues.alfresco.com/jira/browse/ALF-22110).
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- vendor/alfresco
- canonical/alfresco alfresco