Vulnerabilities > Alfresco > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-04 CVE-2020-18327 Cross-site Scripting vulnerability in Alfresco 5.2
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API.
network
low complexity
alfresco CWE-79
6.1
2021-10-21 CVE-2021-41791 Cross-site Scripting vulnerability in Alfresco Community Share
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0.
network
low complexity
alfresco CWE-79
5.4
2021-10-21 CVE-2021-41792 Server-Side Request Forgery (SSRF) vulnerability in Alfresco products
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3.
network
low complexity
alfresco CWE-918
5.3
2020-03-02 CVE-2020-8778 Cross-site Scripting vulnerability in Alfresco
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
network
low complexity
alfresco CWE-79
5.4
2020-03-02 CVE-2020-8777 Cross-site Scripting vulnerability in Alfresco
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
network
low complexity
alfresco CWE-79
5.4
2020-03-02 CVE-2020-8776 Cross-site Scripting vulnerability in Alfresco
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
network
low complexity
alfresco CWE-79
5.4
2019-12-02 CVE-2019-19496 Cross-site Scripting vulnerability in Alfresco
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.
network
low complexity
alfresco CWE-79
5.4
2019-09-06 CVE-2019-14223 Open Redirect vulnerability in Alfresco
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N.
network
low complexity
alfresco CWE-601
6.1