Описание
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on the content collaboration features).
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.0 (включая)Версия от 5.0.0.0 (включая) до 5.2.7.11 (включая)Версия от 6.0.1.0 (включая) до 6.0.1.2 (включая)Версия от 6.0.2.0 (включая) до 6.2.2.4 (включая)Версия от 6.1.1.0 (включая) до 6.1.1.2 (включая)
Одно из
cpe:2.3:a:alfresco:community_share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00206
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on the content collaboration features).
EPSS
Процентиль: 43%
0.00206
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79