Vulnerabilities > Alfresco > Alfresco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-04 | CVE-2020-18327 | Cross-site Scripting vulnerability in Alfresco 5.2 Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. | 4.3 |
| 2020-03-02 | CVE-2020-8778 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. | 3.5 |
| 2020-03-02 | CVE-2020-8777 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. | 3.5 |
| 2020-03-02 | CVE-2020-8776 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. | 3.5 |
| 2019-12-02 | CVE-2019-19496 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. | 3.5 |
| 2019-09-06 | CVE-2019-14223 | Open Redirect vulnerability in Alfresco An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. | 5.8 |
| 2019-09-05 | CVE-2019-14224 | Deserialization of Untrusted Data vulnerability in Alfresco 5.2 An issue was discovered in Alfresco Community Edition 5.2 201707. | 9.0 |
| 2019-09-05 | CVE-2019-14222 | Key Management Errors vulnerability in Alfresco An issue was discovered in Alfresco Community Edition versions 6.0 and lower. | 7.5 |
| 2019-08-26 | CVE-2019-15566 | SQL Injection vulnerability in Alfresco The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. | 7.5 |
| 2015-04-21 | CVE-2015-3366 | Cross-Site Request Forgery (CSRF) vulnerability in Alfresco 6.X1.2 Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors. | 5.8 |