Skip to main content

Alfresco CVE-2020-8777

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2020-03-02 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 02, 2020 - 19:15 nvd
MEDIUM 5.4

DescriptionNVD

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.

AnalysisAI

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. Affected products include: Alfresco. Version information: before 5.2.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-14222 CRITICAL POC
9.8 Sep 05

An issue was discovered in Alfresco Community Edition versions 6.0 and lower. Rated critical severity (CVSS 9.8), this v

CVE-2014-9301 MEDIUM POC
6.4 Dec 07

Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows

CVE-2019-14224 HIGH POC
7.2 Sep 05

An issue was discovered in Alfresco Community Edition 5.2 201707. Rated high severity (CVSS 7.2), this vulnerability is

CVE-2014-9300 MEDIUM POC
6.8 Dec 07

Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Servic

CVE-2019-14223 MEDIUM POC
6.1 Sep 06

An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. Rated medium severity (CVSS

CVE-2019-15566 CRITICAL
9.8 Aug 26

The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. Rated critical sev

CVE-2020-8778 MEDIUM POC
5.4 Mar 02

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document,

CVE-2020-8776 MEDIUM POC
5.4 Mar 02

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a

CVE-2019-19496 MEDIUM POC
5.4 Dec 02

Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. Rated medium severity (CVSS 5.4), this

CVE-2015-3366 MEDIUM
5.8 Apr 21

Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers

CVE-2014-2939 MEDIUM
4.3 Jun 02

Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inj

Share

CVE-2020-8777 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy