CVE-2021-41791

An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on the content collaboration features).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:alfresco:community_share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0.1:*:*:*:*:*:*:*

History

21 Nov 2024, 06:26

Type Values Removed Values Added
References () https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md - Third Party Advisory () https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md - Third Party Advisory
References () https://www.themissinglink.com.au/ - Third Party Advisory () https://www.themissinglink.com.au/ - Third Party Advisory

27 Oct 2021, 20:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 5.4
CPE cpe:2.3:a:alfresco:community_share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:*:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:alfresco:share:7.0:*:*:*:*:*:*:*
References (MISC) https://www.themissinglink.com.au/ - (MISC) https://www.themissinglink.com.au/ - Third Party Advisory
References (MISC) https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md - (MISC) https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md - Third Party Advisory
CWE CWE-79

21 Oct 2021, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-21 09:15

Updated : 2024-11-21 06:26


NVD link : CVE-2021-41791

Mitre link : CVE-2021-41791

CVE.ORG link : CVE-2021-41791


JSON object : View

Products Affected

alfresco

  • share
  • community_share
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')