CVE-2014-2939

Name of the Vulnerable Software and Affected Versions Alfresco Enterprise versions prior to 4.1.6.13

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various means, including an XHTML document, a <% tag, or the taskId parameter to the "share/page/task-edit" endpoint.

Recommendations For versions prior to 4.1.6.13, update to version 4.1.6.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the taskId parameter in the "share/page/task-edit" endpoint until a patch is applied. Avoid using the <% tag and ensure proper validation and sanitization of XHTML documents to minimize the risk of exploitation.