Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alfresco alfresco vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-19496
Alfresco Enterprise prior to 5.2.5 allows stored XSS via an uploaded HTML document.
Alfresco Alfresco
645
VMScore
CVE-2014-9301
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition prior to 5.0.a allows remote malicious users to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parame...
Alfresco Alfresco
1 EDB exploit
1 Github repository
355
VMScore
CVE-2020-8776
Alfresco Enterprise prior to 5.2.7 and Alfresco Community prior to 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
Alfresco Alfresco
1 EDB exploit
355
VMScore
CVE-2020-8777
Alfresco Enterprise prior to 5.2.7 and Alfresco Community prior to 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
Alfresco Alfresco
1 EDB exploit
383
VMScore
CVE-2020-18327
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
Alfresco Alfresco 5.2
801
VMScore
CVE-2019-14224
An issue exists in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an malicious user to achieve remote code execution on the victim machine. The attacker must upload maliciou...
Alfresco Alfresco 5.2
578
VMScore
CVE-2020-25728
The Reset Password add-on prior to 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.
Alfresco Reset Password
890
VMScore
CVE-2020-15181
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in versi...
Alfresco Reset Password
505
VMScore
CVE-2014-9302
Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and previous versions allows remote malicious users to trigger outbound requests via a crafted URI in the url para...
Alfresco Community Edition
1 EDB exploit
NA
CVE-2023-49964
An issue exists in Hyland Alfresco Community Edition up to and including 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restricti...
Hyland Alfresco Content Services
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »