Hyland: >> Alfresco Content Services >> 7.2.0 Security Vulnerabilities
A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-20
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.
CVSS Score
8.8
EPSS Score
0.059
Published
2023-12-11