PT-2021-23405 · Alfresco · Alfresco Share+1

Jack Misiura

Published

2021-10-21

Updated

2021-10-27

CVE-2021-41791

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions org.alfresco:share versions through 7.0.0.2 org.alfresco:community-share versions through 7.0

Description The issue is related to an evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface, leading to stored XSS. This could be exploited by an attacker with privileges on the content collaboration features.

Recommendations For org.alfresco:share versions through 7.0.0.2, update to a version that fixes the evasion of the XSS filter. For org.alfresco:community-share versions through 7.0, update to a version that fixes the evasion of the XSS filter. As a temporary workaround, consider restricting access to the Alfresco Share User Interface to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-41791

Affected Products

Alfresco Community Share

Alfresco Share

PT-2021-23405 · Alfresco · Alfresco Share+1

CVE-2021-41791

Weakness Enumeration

Related Identifiers

Affected Products

References · 4