CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49964
https://notcve.org/view.php?id=CVE-2023-49964
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873. Se descubrió un problema en Hyland Alfresco Community Edition hasta 7.2.0. Al insertar contenido malicioso en el archivo folder.get.html.ftl, un atacante puede realizar ataques SSTI (inyección de plantilla del lado del servidor), que pueden aprovechar los objetos expuestos de FreeMarker para evitar las restricciones y lograr RCE (ejecución remota de código). • https://github.com/mbadanoiu/CVE-2023-49964 https://www.alfresco.com/products/community/download • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-32828 – Regular expression Denial of Service in MooTools
https://notcve.org/view.php?id=CVE-2021-32828
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oauth2` REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API. • https://github.com/nuxeo/nuxeo/blob/master/modules/platform/nuxeo-platform-oauth/src/main/java/org/nuxeo/ecm/webengine/oauth2/OAuth2Callback.java https://securitylab.github.com/advisories/GHSL-2021-072-nuxeo • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-23342
https://notcve.org/view.php?id=CVE-2022-23342
The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems. Hyland Onbase Application Server versiones anteriores a 20.3.58.1000 y OnBase versiones 21.1.1.1000 hasta 21.1.15.1000, son susceptibles a una vulnerabilidad de enumeración de nombres de usuario. Un atacante puede obtener usuarios válidos basándose en la respuesta devuelta para usuarios no válidos y válidos mediante el envío de una petición POST de inicio de sesión al endpoint /mobilebroker/ServiceToBroker.svc/Json/Connect. • https://github.com/InitRoot/CVE-2022-23342 https://community.hyland.com/login?returnUrl=/connect/hyland-research-and-development/security-advisories/username-enumeration-in-onbase •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25247
https://notcve.org/view.php?id=CVE-2020-25247
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter. Se detectó un problema en Hyland OnBase versiones hasta la 18.0.0.32 y versiones 19.x hasta 19.8.9.1000. Se presenta un salto de directorio para escribir en archivos, como es demostrado por el parámetro FileName • http://seclists.org/fulldisclosure/2020/Oct/9 https://seclists.org/fulldisclosure/2020/Sep/21 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25248
https://notcve.org/view.php?id=CVE-2020-25248
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter. Se detectó un problema en Hyland OnBase hasta la versión 16.0.2.83 e inferior, versión 17.0.2.109 e inferior, versión 18.0.0.37 e inferior, versión 19.8.16.1000 e inferior y versión 20.3.10.1000 e inferior. Existe un recorrido de directorios para la lectura de archivos, como lo demuestra el parámetro FileName • http://seclists.org/fulldisclosure/2020/Oct/9 https://seclists.org/fulldisclosure/2020/Oct/9 https://seclists.org/fulldisclosure/2020/Sep/21 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •