Vulnerability Details CVE-2020-8777
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.3%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/156599/Alfresco-5.2.4-Cross-Site-Scripting.html
- https://gitlab.com/snippets/1937042
- https://issues.alfresco.com/jira/browse/ALF-22110
- http://packetstormsecurity.com/files/156599/Alfresco-5.2.4-Cross-Site-Scripting.html
- https://gitlab.com/snippets/1937042
- https://issues.alfresco.com/jira/browse/ALF-22110
Products affected by CVE-2020-8777
-
cpe:2.3:a:alfresco:alfresco:4.1.6
-
cpe:2.3:a:alfresco:alfresco:4.1.6.13
-
cpe:2.3:a:alfresco:alfresco:4.2.f
-
cpe:2.3:a:alfresco:alfresco:5.0.a
-
cpe:2.3:a:alfresco:alfresco:5.2
-
cpe:2.3:a:alfresco:alfresco:5.2.0
-
cpe:2.3:a:alfresco:alfresco:5.2.1
-
cpe:2.3:a:alfresco:alfresco:5.2.2
-
cpe:2.3:a:alfresco:alfresco:5.2.3
-
cpe:2.3:a:alfresco:alfresco:5.2.4
-
cpe:2.3:a:alfresco:alfresco:5.2.5
-
cpe:2.3:a:alfresco:alfresco:5.2.6
-
cpe:2.3:a:alfresco:alfresco:6.0
-
cpe:2.3:a:alfresco:alfresco:6.1