CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18327
https://notcve.org/view.php?id=CVE-2020-18327
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Alfresco Community Edition versión v5.2.0, por medio del parámetro action en la API alfresco/s/admin/admin-nodebrowser. Corregido en versión v6.2 • https://gist.github.com/paatui/a3c7ca8cf12594b437d3854f13d76cb8 https://www.cvedetails.com/vulnerability-list/vendor_id-13372/product_id-27784/opxss-1/Alfresco-Alfresco.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2020-8778 – Alfresco 5.2.4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8778
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. Alfresco Enterprise versiones anteriores a 5.2.7 y Alfresco Community versiones anteriores a 6.2.0 (rb65251d6-b368), presentan una vulnerabilidad de tipo XSS por medio de un documento cargado, cuando el atacante posee acceso de escritura a un proyecto. Alfresco version 5.2.4 suffers from multiple persistent cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/48162 http://packetstormsecurity.com/files/156599/Alfresco-5.2.4-Cross-Site-Scripting.html https://gitlab.com/snippets/1937042 https://issues.alfresco.com/jira/browse/ALF-22110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2020-8777 – Alfresco 5.2.4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8777
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. Alfresco Enterprise versiones anteriores a.2.7 y Alfresco Community versiones anteriores a 6.2.0 (rb65251d6-b368), presentan una vulnerabilidad de tipo XSS por medio de una foto de perfil de usuario, como es demostrado por medio de un elemento SCRIPT en un documento SVG. Alfresco version 5.2.4 suffers from multiple persistent cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/48162 http://packetstormsecurity.com/files/156599/Alfresco-5.2.4-Cross-Site-Scripting.html https://gitlab.com/snippets/1937042 https://issues.alfresco.com/jira/browse/ALF-22110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2020-8776 – Alfresco 5.2.4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8776
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. Alfresco Enterprise versiones anteriores a.2.7 y Alfresco Community versiones anteriores a 6.2.0 (rb65251d6-b368), presentan una vulnerabilidad de tipo XSS por medio de la propiedad URL de un archivo. Alfresco version 5.2.4 suffers from multiple persistent cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/48162 http://packetstormsecurity.com/files/156599/Alfresco-5.2.4-Cross-Site-Scripting.html https://gitlab.com/snippets/1937042 https://issues.alfresco.com/jira/browse/ALF-22110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19496
https://notcve.org/view.php?id=CVE-2019-19496
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. Alfresco Enterprise en versiones anteriores a la 5.2.5 permite un ataque de tipo XSS almacenado mediante un documento HTML cargado. • https://github.com/vipinxsec/Alfresco_XSS/blob/master/README.md https://vipinxsec.blogspot.com/2019/11/alfresco-stored-xss-vulnerability-blind.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •