CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2014-9300
https://notcve.org/view.php?id=CVE-2014-9300
Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter. Vulnerabilidad de CSRF en el servlet cmisbrowser en Content Management Interoperability Service (CMIS) en Alfresco Community Edition anterior a 5.0.a permite a atacantes remotos secuestrar la autenticación de usuarios para solicitudes que acceden a URLs autorizadas y obtener las credenciales de usuarios a través de una URL en el parámetro url. • http://seclists.org/bugtraq/2014/Jul/72 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 3CVE-2014-9301 – Alfresco - '/proxy?endpoint' Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2014-9301
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter. Vulnerabilidad de SSRF en el servlet proxy en Alfresco Community Edition anterior a 5.0.a permite a atacantes remotos provocar solicitudes salientes a servidores de intranet, realizar el escaneo de puertos, y leer ficheros arbitrarios a través de una URI manipulada en el parámetro endpoint. • https://www.exploit-db.com/exploits/39258 http://seclists.org/bugtraq/2014/Jul/72 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2939
https://notcve.org/view.php?id=CVE-2014-2939
Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit. Múltiples vulnerabilidades de XSS en Alfresco Enterprise before 4.1.6.13 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) un documento XHTML, (2) una etiqueta <% o (3) el parámetro taskId hacia share/page/task-edit. • http://www.kb.cert.org/vuls/id/537684 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •