alfresco

Top products

The 15 most recently published vulnerabilities affecting alfresco.

• CVE-2026-3967Alfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserialization6.3Mar 12, 2026
• CVE-2020-18327Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.26.1Mar 4, 2022
• CVE-2021-41792An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger...5.3Oct 21, 2021
• CVE-2021-41791An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User ...5.4Oct 21, 2021
• CVE-2021-41790An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow ...8.8Oct 21, 2021
• CVE-2020-15181Admin account takeover in Alfresco Reset Password9.3Sep 18, 2020
• CVE-2020-25728The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.8.8Sep 17, 2020
• CVE-2020-8778Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.5.4Mar 2, 2020
• CVE-2020-8777Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.5.4Mar 2, 2020
• CVE-2020-8776Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.5.4Mar 2, 2020
• CVE-2019-19496Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.5.4Dec 2, 2019
• CVE-2019-14223An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By m...6.1Sep 6, 2019
• CVE-2019-14222An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due...9.8Sep 5, 2019
• CVE-2019-14224An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to a...7.2Sep 5, 2019
• CVE-2019-15566The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.9.8Aug 26, 2019