PT-2022-8593 · Alfresco · Alfresco Community Edition
Published: 2022-03-04 · Updated: 2024-03-06 · CVE-2020-18327
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Alfresco Community Edition versions 5.2.0 through 6.1
Description
A Cross Site Scripting (XSS) issue exists via the action parameter in the "alfresco/s/admin/admin-nodebrowser" API endpoint. This allows for potential exploitation. The issue is fixed in version 6.2.
Recommendations
For Alfresco Community Edition versions 5.2.0 through 6.1, update to version 6.2 to resolve the issue.
As a temporary workaround, consider restricting access to the "alfresco/s/admin/admin-nodebrowser" API endpoint until a patch is available.
Exploit
Fix
XSS
Affected Products
Alfresco Community Edition