← Back

CVE-2021-41791

nvd nist
Published: Oct 21, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on the content collaboration features).

Affected (9)

Alfresco
2 products
Community Share
Share
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Community Share
Up to 7.0
Alfresco
Share
From 5.0.0.0 to 5.2.7.11
Share
From 6.0.1.0 to 6.0.1.2
Share
From 6.0.2.0 to 6.2.2.4
Share
From 6.1.1.0 to 6.1.1.2
Share
Version 7.0.0.1
Share
Version 7.0.0.2
Share
Version 7.0.1
Share
Version 7.0

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.