Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hyland alfresco content services vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49964
An issue exists in Hyland Alfresco Community Edition up to and including 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restricti...
Hyland Alfresco Content Services
1 Github repository
578
VMScore
CVE-2021-41790
An issue exists in Hyland org.alfresco:alfresco-content-services up to and including 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in malicious user to execute arbitrary code inside a sandboxed environ...
Alfresco Alfresco Content Services 7.0.0.2
Alfresco Alfresco Content Services 7.0.0.1
Alfresco Alfresco Content Services 7.0
Alfresco Alfresco Content Services
445
VMScore
CVE-2021-41792
An issue exists in Hyland org.alfresco:alfresco-content-services up to and including 6.2.2.18 and org.alfresco:alfresco-transform-services up to and including 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response t...
Alfresco Alfresco Content Services
Alfresco Alfresco Transform Services
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started