Vulnerabilities > Alfresco > Alfresco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-07 | CVE-2014-9301 | Remote Security vulnerability in Alfresco 4.2.F Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter. | 6.4 |
| 2014-12-07 | CVE-2014-9300 | Cross-Site Request Forgery (CSRF) vulnerability in Alfresco 4.2.F/5.0.A Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter. | 6.8 |
| 2014-06-02 | CVE-2014-2939 | Cross-Site Scripting vulnerability in Alfresco 4.1.6 Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit. | 4.3 |