Cross-Site Scripting Issue in Hyland Alfresco Community and Enterprise Editions
CVE-2025-0557
6.9MEDIUM
What is CVE-2025-0557?
A cross-site scripting vulnerability has been identified in Hyland Alfresco Community Edition and Alfresco Enterprise Edition versions earlier than 6.2.2. The issue resides in an unprotected component of the file /share/s/, specifically within the URL Handler. This flaw allows remote attackers to execute malicious scripts in the context of the user's browser, potentially compromising user data and session information. To mitigate this vulnerability, it is strongly advised to upgrade to version 7.0 or later, which effectively addresses the security concerns.
Affected Version(s)
Alfresco Community Edition 6.2.0
Alfresco Community Edition 6.2.1
Alfresco Community Edition 6.2.2
