Alfresco: >> Alfresco >> 4.1.6.13 Security Vulnerabilities
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
CVSS Score
5.4
EPSS Score
0.008
Published
2020-03-02
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-03-02
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
CVSS Score
5.4
EPSS Score
0.008
Published
2020-03-02
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-12-02