Community Edition

by Alfresco

CVEs (26)

  • CVE-2019-25367 | Med | Feb 15, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_admin/aardvark/index.html…

  • CVE-2025-12547 | Low | Oct 31, 2025
    risk 0.24 | cvss 3.7 | epss 0.01

    A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be…

  • CVE-2025-12546 | Low | Oct 31, 2025
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an unknown part of the component API Key creation UI. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed…

  • CVE-2025-11946 | Low | Oct 19, 2025
    risk 0.23 | cvss 3.5 | epss 0.00

    A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile…

  • CVE-2019-14223 | Sep 6, 2019
    risk 0.04 | cvss | epss 0.04

    An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious…

  • CVE-2020-8778 | Mar 2, 2020
    risk 0.03 | cvss | epss 0.03

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.

  • CVE-2020-8777 | Mar 2, 2020
    risk 0.03 | cvss | epss 0.03

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.

  • CVE-2020-8776 | Mar 2, 2020
    risk 0.03 | cvss | epss 0.03

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.

  • CVE-2014-9302 | Dec 7, 2014
    risk 0.03 | cvss | epss 0.02

    Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter.

  • CVE-2014-9301 | Dec 7, 2014
    risk 0.03 | cvss | epss 0.04

    Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.

  • CVE-2025-57244 | Nov 5, 2025
    risk 0.00 | cvss | epss 0.00

    OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend…

  • CVE-2024-24506 | Apr 3, 2024
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.

  • CVE-2023-39004 | Aug 9, 2023
    risk 0.00 | cvss | epss 0.01

    Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.

  • CVE-2023-39003 | Aug 9, 2023
    risk 0.00 | cvss | epss 0.01

    OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.

  • CVE-2023-38060 | Jul 24, 2023
    risk 0.00 | cvss | epss 0.01

    Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the…

  • CVE-2023-1250 | Mar 20, 2023
    risk 0.00 | cvss | epss 0.00

    Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names. This…

  • CVE-2023-1248 | Mar 20, 2023
    risk 0.00 | cvss | epss 0.00

    Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS). This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through…

  • CVE-2022-4427 | Dec 19, 2022
    risk 0.00 | cvss | epss 0.01

    Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice. This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1…

  • CVE-2020-18327 | Mar 4, 2022
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2.

  • CVE-2021-3628 | Aug 30, 2021
    risk 0.00 | cvss | epss 0.01

    OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter.
