CVE-2024-40347

A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.
Configurations

Configuration 1 (hide)

cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:31

Type Values Removed Values Added
References () https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md - Exploit, Third Party Advisory () https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md - Exploit, Third Party Advisory

22 Aug 2024, 18:37

Type Values Removed Values Added
First Time Hyland
Hyland alfresco Content Services
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:*:*:*:*
References () https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md - () https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md - Exploit, Third Party Advisory
CWE CWE-79

22 Jul 2024, 13:00

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad reflejada de Cross Site Scripting (XSS) en Hyland Alfresco Platform 23.2.1-r96 permite a los atacantes ejecutar código arbitrario en el contexto del navegador de un usuario mediante la inyección de un payload manipulado en el parámetro htmlid.

20 Jul 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-20 04:15

Updated : 2024-11-21 09:31


NVD link : CVE-2024-40347

Mitre link : CVE-2024-40347

CVE.ORG link : CVE-2024-40347


JSON object : View

Products Affected

hyland

  • alfresco_content_services
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')