Vulnerabilities > Alfresco > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-04 CVE-2020-18327 Cross-site Scripting vulnerability in Alfresco 5.2
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API.
network
alfresco CWE-79
4.3
2021-10-21 CVE-2021-41790 Unspecified vulnerability in Alfresco Content Services 7.0/7.0.0.1/7.0.0.2
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2.
network
low complexity
alfresco
6.5
2021-10-21 CVE-2021-41792 Server-Side Request Forgery (SSRF) vulnerability in Alfresco products
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3.
network
low complexity
alfresco CWE-918
5.0
2020-09-17 CVE-2020-25728 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Alfresco Reset Password
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.
network
low complexity
alfresco CWE-640
6.5
2019-09-06 CVE-2019-14223 Open Redirect vulnerability in Alfresco
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N.
network
alfresco CWE-601
5.8
2015-04-21 CVE-2015-3366 Cross-Site Request Forgery (CSRF) vulnerability in Alfresco 6.X1.2
Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors.
network
alfresco CWE-352
5.8
2014-12-07 CVE-2014-9302 Remote Security vulnerability in Community Edition
Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter.
network
low complexity
alfresco
5.0
2014-12-07 CVE-2014-9301 Remote Security vulnerability in Alfresco 4.2.F
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.
network
low complexity
alfresco
6.4
2014-12-07 CVE-2014-9300 Cross-Site Request Forgery (CSRF) vulnerability in Alfresco 4.2.F/5.0.A
Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter.
network
alfresco CWE-352
6.8
2014-06-02 CVE-2014-2939 Cross-Site Scripting vulnerability in Alfresco 4.1.6
Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit.
network
alfresco CWE-79
4.3