Vulnerabilities > Alfresco > Alfresco > 5.0.a
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2020-8778 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. | 3.5 |
| 2020-03-02 | CVE-2020-8777 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. | 3.5 |
| 2020-03-02 | CVE-2020-8776 | Cross-site Scripting vulnerability in Alfresco Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. | 3.5 |
| 2019-09-06 | CVE-2019-14223 | Open Redirect vulnerability in Alfresco An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. | 5.8 |
| 2019-09-05 | CVE-2019-14222 | Key Management Errors vulnerability in Alfresco An issue was discovered in Alfresco Community Edition versions 6.0 and lower. | 7.5 |
| 2014-12-07 | CVE-2014-9300 | Cross-Site Request Forgery (CSRF) vulnerability in Alfresco 4.2.F/5.0.A Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter. | 6.8 |