alfresco alfresco vulnerabilities and exploits
NA
CVE-2024-29309
An issue in Alfresco Content Services v.23.3.0.7 allows a remote malicious user to execute arbitrary code via the Transfer Service.
8.8
CVSSv3
CVE-2023-49964
An issue exists in Hyland Alfresco Community Edition up to and including 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restricti...
Hyland Alfresco Content Services
1 Github repository
6.1
CVSSv3
CVE-2020-18327
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
Alfresco Alfresco 5.2
5.3
CVSSv3
CVE-2021-41792
An issue exists in Hyland org.alfresco:alfresco-content-services up to and including 6.2.2.18 and org.alfresco:alfresco-transform-services up to and including 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response t...
Alfresco Alfresco Content Services
Alfresco Alfresco Transform Services
8.8
CVSSv3
CVE-2021-41790
An issue exists in Hyland org.alfresco:alfresco-content-services up to and including 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in malicious user to execute arbitrary code inside a sandboxed environ...
Alfresco Alfresco Content Services 7.0.0.2
Alfresco Alfresco Content Services 7.0.0.1
Alfresco Alfresco Content Services 7.0
Alfresco Alfresco Content Services
5.4
CVSSv3
CVE-2021-41791
An issue exists in Hyland org.alfresco:share up to and including 7.0.0.2 and org.alfresco:community-share up to and including 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacke...
Alfresco Community Share
Alfresco Share
Alfresco Share 7.0
Alfresco Share 7.0.0.1
Alfresco Share 7.0.0.2
Alfresco Share 7.0.1
8.8
CVSSv3
CVE-2020-12873
An issue exists in Alfresco Enterprise Content Management (ECM) prior to 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.
Atlassian Alfresco Enterprise Content Management
1 Github repository
9.8
CVSSv3
CVE-2020-15181
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can gain admin access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in versi...
Alfresco Reset Password
7.5
CVSSv3
CVE-2020-25727
The Reset Password add-on prior to 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.
Flexsolution Reset Password
8.8
CVSSv3
CVE-2020-25728
The Reset Password add-on prior to 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password, including the admin account.
Alfresco Reset Password