Published: 02/03/2020 Updated: 24/05/2022

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Alfresco Enterprise prior to 5.2.7 and Alfresco Community prior to 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
alfresco alfresco

# Exploit Title: Alfresco 524 - Persistent Cross-Site Scripting # Date: 2020-03-02 # Exploit Author: Romain LOISEL & Alexandre ZANNI (pwnby/noraj) - Pentesters from Orange Cyberdefense France # Vendor Homepage: wwwalfrescocom/ # Software Link: wwwalfrescocom/ecm-software # Version: Alfresco before 524 # Tested o ...

Alfresco version 524 suffers from multiple persistent cross site scripting vulnerabilities ...

CWE-79 https://gitlab.com/snippets/1937042 https://issues.alfresco.com/jira/browse/ALF-22110 http://packetstormsecurity.com/files/156599/Alfresco-5.2.4-Cross-Site-Scripting.html https://nvd.nist.gov https://www.exploit-db.com/exploits/48162

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-8776

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect