Vulnerabilities > Alfresco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-04 | CVE-2020-18327 | Cross-site Scripting vulnerability in Alfresco 5.2 Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. | 4.3 |
| 2021-10-21 | CVE-2021-41790 | Unspecified vulnerability in Alfresco Content Services 7.0/7.0.0.1/7.0.0.2 An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. | 6.5 |
| 2021-10-21 | CVE-2021-41792 | Server-Side Request Forgery (SSRF) vulnerability in Alfresco products An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. | 5.0 |
| 2020-09-17 | CVE-2020-25728 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Alfresco Reset Password The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. | 6.5 |
| 2019-09-06 | CVE-2019-14223 | Open Redirect vulnerability in Alfresco An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. | 5.8 |
| 2015-04-21 | CVE-2015-3366 | Cross-Site Request Forgery (CSRF) vulnerability in Alfresco 6.X1.2 Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors. | 5.8 |
| 2014-12-07 | CVE-2014-9302 | Remote Security vulnerability in Community Edition Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter. | 5.0 |
| 2014-12-07 | CVE-2014-9301 | Remote Security vulnerability in Alfresco 4.2.F Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter. | 6.4 |
| 2014-12-07 | CVE-2014-9300 | Cross-Site Request Forgery (CSRF) vulnerability in Alfresco 4.2.F/5.0.A Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter. | 6.8 |
| 2014-06-02 | CVE-2014-2939 | Cross-Site Scripting vulnerability in Alfresco 4.1.6 Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit. | 4.3 |