Cross-Site Scripting Issue in Hyland Alfresco Community and Enterprise Editions
CVE-2025-0557

6.9MEDIUM

Key Information:

Vendor

Hyland

Status
Alfresco Community Edition
Alfresco Enterprise Edition
Vendor
CVE Published:
18 January 2025

What is CVE-2025-0557?

A cross-site scripting vulnerability has been identified in Hyland Alfresco Community Edition and Alfresco Enterprise Edition versions earlier than 6.2.2. The issue resides in an unprotected component of the file /share/s/, specifically within the URL Handler. This flaw allows remote attackers to execute malicious scripts in the context of the user's browser, potentially compromising user data and session information. To mitigate this vulnerability, it is strongly advised to upgrade to version 7.0 or later, which effectively addresses the security concerns.

Affected Version(s)

Alfresco Community Edition 6.2.0

Alfresco Community Edition 6.2.1

Alfresco Community Edition 6.2.2

References

https://vuldb.com/?id.292491
vdb-entry
https://vuldb.com/?ctiid.292491
signaturepermissions-required
https://vuldb.com/?submit.474306
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

erickfernandox (VulDB User)
.