Approved changes feed: RSS · Atom

cpe:2.3:a:alfresco:alfresco:*:*:*:*:enterprise:*:*:*

part: a version: * update: *

VendorAlfresco (b338720d-dfdf-5d10-a1a9-03dfedca0038)
ProductAlfresco (8c67c75f-906d-56ed-a53e-f29bc4184beb)
Edition*
Language*
Software editionenterprise
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-8778 vulnerable 2026-06-08 05:27:19.667551 Details available
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
Published: 2020-03-02T18:30:13.000Z
Updated: 2024-08-04T10:12:10.551Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-8777 vulnerable 2026-06-08 05:27:19.667018 Details available
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
Published: 2020-03-02T18:30:08.000Z
Updated: 2024-08-04T10:12:10.186Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-8776 vulnerable 2026-06-08 05:27:19.665516 Details available
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
Published: 2020-03-02T18:30:04.000Z
Updated: 2024-08-04T10:12:10.589Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-19496 vulnerable 2026-06-08 05:13:23.009541 Details available
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.
Published: 2019-12-02T03:01:53.000Z
Updated: 2024-08-05T02:16:48.206Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2939 vulnerable 2026-06-08 05:05:30.482581 Details available
Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit.
Published: 2014-06-02T19:00:00.000Z
Updated: 2024-08-06T10:28:46.176Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.