First published: Mon Mar 02 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alfresco Alfresco | <5.2.7 | |
| Alfresco Alfresco | <6.2.0 | |
The vulnerability ID for this issue is CVE-2020-8777.
CVE-2020-8777 has a severity rating of 5.4, which is considered medium.
The affected software versions are Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0.
CVE-2020-8777 allows an attacker to perform cross-site scripting (XSS) by injecting a SCRIPT element in an SVG document through a user profile photo.
Yes, it is recommended to update to Alfresco Enterprise 5.2.7 or later, or Alfresco Community 6.2.0 or later, to mitigate this vulnerability.