An issue exists in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alfresco alfresco 6.0 |
||
alfresco alfresco |
||
alfresco alfresco 6.1 |