Alfresco Content Services

alfresco_content_services

Vendor: Hyland • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-26336 1Hyland 1Alfresco Content Services Mar 3, 2026 Feb 19, 2026 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...Show more Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.Show less
CVE-2024-40347 1Hyland 1Alfresco Content Services Mar 18, 2025 Jul 20, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter...Show more A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.Show less
CVE-2023-49964 1Hyland 1Alfresco Content Services Nov 21, 2024 Dec 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can...Show more An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.Show less