A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.
References
Link | Resource |
---|---|
https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md | Exploit Third Party Advisory |
https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 09:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md - Exploit, Third Party Advisory |
22 Aug 2024, 18:37
Type | Values Removed | Values Added |
---|---|---|
First Time |
Hyland
Hyland alfresco Content Services |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:*:*:*:* | |
References | () https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md - Exploit, Third Party Advisory | |
CWE | CWE-79 |
22 Jul 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
20 Jul 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-20 04:15
Updated : 2024-11-21 09:31
NVD link : CVE-2024-40347
Mitre link : CVE-2024-40347
CVE.ORG link : CVE-2024-40347
JSON object : View
Products Affected
hyland
- alfresco_content_services
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')