CVEDB API

Vulnerabilities

Vulnerable Software

Alfresco: >> Alfresco Security Vulnerabilities

CVE-2014-9301

Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.

CVSS Score

6.4

EPSS Score

0.042

Published

2014-12-07

CVE-2014-9300

Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter.

CVSS Score

6.8

EPSS Score

0.001

Published

2014-12-07

CVE-2014-2939

Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit.

CVSS Score

4.3

EPSS Score

0.003

Published

2014-06-02

Page 2

Vulnerabilities

Vulnerable Software

Alfresco: >> Alfresco Security Vulnerabilities

Products

Pricing

Contact Us