Arbitrary Code Execution Vulnerability in Hyland Alfresco Platform
CVE-2024-40347

6.1MEDIUM

Key Information:

Vendor: Hyland Alfresco Platform
Status: Alfresco Content Services
Vendor: CVE Published:; 20 July 2024

What is CVE-2024-40347?

A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.

References

https://github.com/4rdr/proofs/blob/main/info/Alfresco_Re...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 20, 2024
Vulnerability Reserved
Jul 5, 2024