Lucene search

[email protected]NVD:CVE-2020-18327

HistoryMar 04, 2022 - 3:15 p.m.

CVE-2020-18327

2022-03-0415:15:08

CWE-79

[email protected]

web.nvd.nist.gov

alfresco

xss

vulnerability

fixed

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.0%

JSON

Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2

Affected configurations

Nvd

Node

alfrescoalfrescoMatch5.2community

VendorProductVersionCPE
alfrescoalfresco5.2cpe:2.3:a:alfresco:alfresco:5.2:*:*:*:community:*:*:*

Vendor	Product	Version	CPE
alfresco	alfresco	5.2	cpe:2.3:a:alfresco:alfresco:5.2::::community:::

References

gist.github.com/paatui/a3c7ca8cf12594b437d3854f13d76cb8

www.cvedetails.com/vulnerability-list/vendor_id-13372/product_id-27784/opxss-1/Alfresco-Alfresco.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.0%

JSON

Related for NVD:CVE-2020-18327

osv1 cvelist1 cve1 prion1