CVE-2020-8776

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:alfresco:alfresco:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:alfresco:alfresco:*:*:*:*:community:*:*:*

History

21 Nov 2024, 05:39

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/156599/Alfresco-5.2.4-Cross-Site-Scripting.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/156599/Alfresco-5.2.4-Cross-Site-Scripting.html - Third Party Advisory, VDB Entry
References () https://gitlab.com/snippets/1937042 - Exploit, Third Party Advisory () https://gitlab.com/snippets/1937042 - Exploit, Third Party Advisory
References () https://issues.alfresco.com/jira/browse/ALF-22110 - Permissions Required, Vendor Advisory () https://issues.alfresco.com/jira/browse/ALF-22110 - Permissions Required, Vendor Advisory

Information

Published : 2020-03-02 19:15

Updated : 2024-11-21 05:39


NVD link : CVE-2020-8776

Mitre link : CVE-2020-8776

CVE.ORG link : CVE-2020-8776


JSON object : View

Products Affected

alfresco

  • alfresco
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')