Vulnerabilities > Alfresco > Alfresco > 4.1.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-02 | CVE-2020-8778 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. | 3.5 |
2020-03-02 | CVE-2020-8777 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. | 3.5 |
2020-03-02 | CVE-2020-8776 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. | 3.5 |
2019-12-02 | CVE-2019-19496 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. | 3.5 |
2014-06-02 | CVE-2014-2939 | Cross-Site Scripting vulnerability in Alfresco 4.1.6 Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit. | 4.3 |