First published: Mon Mar 02 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Alfresco Alfresco | <5.2.7 | |
Alfresco Alfresco | <6.2.0 | |
The vulnerability ID for this Alfresco issue is CVE-2020-8778.
The severity level of CVE-2020-8778 is medium (5.4).
Alfresco Enterprise versions before 5.2.7 and Alfresco Community versions before 6.2.0 are affected by CVE-2020-8778.
CVE-2020-8778 is a cross-site scripting (XSS) vulnerability triggered via an uploaded document when the attacker has write access to a project in Alfresco Enterprise or Alfresco Community.
Reference links related to CVE-2020-8778: [Packet Storm Security](http://packetstormsecurity.com/files/156599/Alfresco-5.2.4-Cross-Site-Scripting.html), [GitLab Snippets](https://gitlab.com/snippets/1937042), [Alfresco Issues](https://issues.alfresco.com/jira/browse/ALF-22110).