Vulnerabilities > Alfresco

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-04	CVE-2020-18327	Cross-site Scripting vulnerability in Alfresco 5.2 Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. network low complexity alfresco CWE-79	6.1
2021-10-21	CVE-2021-41790	Unspecified vulnerability in Alfresco Content Services 7.0/7.0.0.1/7.0.0.2 An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. network low complexity alfresco	8.8
2021-10-21	CVE-2021-41791	Cross-site Scripting vulnerability in Alfresco Community Share An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. network low complexity alfresco CWE-79	5.4
2021-10-21	CVE-2021-41792	Server-Side Request Forgery (SSRF) vulnerability in Alfresco products An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. network low complexity alfresco CWE-918	5.3
2020-09-18	CVE-2020-15181	Unspecified vulnerability in Alfresco Reset Password The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. network low complexity alfresco critical	9.8
2020-09-17	CVE-2020-25728	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Alfresco Reset Password The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. network low complexity alfresco CWE-640	8.8
2020-03-02	CVE-2020-8778	Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. network low complexity alfresco CWE-79	5.4
2020-03-02	CVE-2020-8777	Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. network low complexity alfresco CWE-79	5.4
2020-03-02	CVE-2020-8776	Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. network low complexity alfresco CWE-79	5.4
2019-12-02	CVE-2019-19496	Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. network low complexity alfresco CWE-79	5.4

Vulnerabilities > Alfresco {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Alfresco"}]}

Vulnerabilities > Alfresco