CVSS: 7.7EPSS: 1%CPEs: 1EXPL: 0CVE-2024-29309
https://notcve.org/view.php?id=CVE-2024-29309
02 May 2024 — An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service. Un problema en Alfresco Content Services v.23.3.0.7 permite a un atacante remoto ejecutar código arbitrario a través del Servicio de Transferencia. • https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18327
https://notcve.org/view.php?id=CVE-2020-18327
04 Mar 2022 — Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Alfresco Community Edition versión v5.2.0, por medio del parámetro action en la API alfresco/s/admin/admin-nodebrowser. Corregido en versión v6.2 • https://gist.github.com/paatui/a3c7ca8cf12594b437d3854f13d76cb8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41792
https://notcve.org/view.php?id=CVE-2021-41792
21 Oct 2021 — An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF. Se ha detectado un problema en Hyland org.alfresco:alfresco-content-services versiones hasta 6.2.2.18 y org.alfresco:alfresco-transform-services versiones hasta 1.3. Un archi... • https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2021-41791
https://notcve.org/view.php?id=CVE-2021-41791
21 Oct 2021 — An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on the content collaboration features). Se ha detectado un problema en Hyland org.alfresco:share versiones hasta 7.0.0.2 y org.alfresco:community-share versiones hasta 7.0. Una omisión del filtro de tipo XSS para la ... • https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-41790
https://notcve.org/view.php?id=CVE-2021-41790
21 Oct 2021 — An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment. Se ha detectado un problema en Hyland org.alfresco:alfresco-content-services versiones hasta 7.0.1.2. La ejecución de acciones de script permite ejecutar scripts cargados fuera del diccionario de datos. • https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15181 – Admin account takeover in Alfresco Reset Password
https://notcve.org/view.php?id=CVE-2020-15181
18 Sep 2020 — The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0 El add-on Alfresco Reset Password versiones anteriores a 1.2.0, se basa en entradas no confiables en una decisión de seguridad. Los intrusos pueden conseguir acceso de administrador al sistema usando la vulnerabilidad en el... • https://github.com/FlexSolution/AlfrescoResetPassword/commit/5927b9651356c4cd952cb9b485292583d305b47c • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25728
https://notcve.org/view.php?id=CVE-2020-25728
17 Sep 2020 — The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. El add-on Reset Password versiones anteriores a 1.2.0 para Alfresco, presenta un algoritmo roto (que implica un incremento) que permite a un usuario malicioso cambiar la contraseña de la cuenta de cualquier usuario, incluyendo la cuenta de administrador • https://amriunix.com/post/alfresco-reset-password-add-on-0-day-vulnerabilities • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 3CVE-2020-8778 – Alfresco 5.2.4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8778
02 Mar 2020 — Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. Alfresco Enterprise versiones anteriores a 5.2.7 y Alfresco Community versiones anteriores a 6.2.0 (rb65251d6-b368), presentan una vulnerabilidad de tipo XSS por medio de un documento cargado, cuando el atacante posee acceso de escritura a un proyecto. Alfresco version 5.2.4 suffers from multiple persistent cross site scripting vulnerabiliti... • https://packetstorm.news/files/id/156599 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 3CVE-2020-8777 – Alfresco 5.2.4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8777
02 Mar 2020 — Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. Alfresco Enterprise versiones anteriores a.2.7 y Alfresco Community versiones anteriores a 6.2.0 (rb65251d6-b368), presentan una vulnerabilidad de tipo XSS por medio de una foto de perfil de usuario, como es demostrado por medio de un elemento SCRIPT en un documento SVG. Alfresco version 5.2.4 suffers from multiple persistent cross si... • https://packetstorm.news/files/id/156599 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 3CVE-2020-8776 – Alfresco 5.2.4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8776
02 Mar 2020 — Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. Alfresco Enterprise versiones anteriores a.2.7 y Alfresco Community versiones anteriores a 6.2.0 (rb65251d6-b368), presentan una vulnerabilidad de tipo XSS por medio de la propiedad URL de un archivo. Alfresco version 5.2.4 suffers from multiple persistent cross site scripting vulnerabilities. • https://packetstorm.news/files/id/156599 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •