Bitnami package
alfresco
pkg:bitnami/alfresco
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-18327 | — | >= 5.2.0, <= 5.2.0 | — | Mar 4, 2022 | Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 | ||
| CVE-2020-8778 | — | < 5.2.7 | 5.2.7 | Mar 2, 2020 | Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. | ||
| CVE-2020-8777 | — | < 5.2.7 | 5.2.7 | Mar 2, 2020 | Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. | ||
| CVE-2020-8776 | — | < 5.2.7 | 5.2.7 | Mar 2, 2020 | Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. |
- CVE-2020-18327Mar 4, 2022affected >= 5.2.0, <= 5.2.0
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
- CVE-2020-8778Mar 2, 2020affected < 5.2.7fixed 5.2.7
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
- CVE-2020-8777Mar 2, 2020affected < 5.2.7fixed 5.2.7
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
- CVE-2020-8776Mar 2, 2020affected < 5.2.7fixed 5.2.7
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.