VYPR

Alfresco Community

by Hyland

CVEs (3)

  • CVE-2023-49964HigDec 11, 2023
    risk 0.60cvss 8.8epss 0.35

    An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions…

  • CVE-2025-0557MedJan 18, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability classified as problematic has been found in Hyland Alfresco Community Edition and Alfresco Enterprise Edition up to 6.2.2. This affects an unknown part of the file /share/s/ of the component URL Handler. The manipulation leads to cross site scripting. It is…

  • CVE-2026-26336Feb 19, 2026
    risk 0.00cvss epss 0.00

    Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.