Hyland Alfresco Content Services vulnerabilities
3 known vulnerabilities affecting hyland/alfresco_content_services.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2023-49964 | P2 | HIGH | CVSS 8.8 | ≤ 7.2.0 | 2023-12-11
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an in
nvd
CVE-2026-26336 | P3 | HIGH | CVSS 7.5 | CWE-863 | fixed in 25.3 | ≥ 7.4.0, ≤ 7.4.2.5 (+2 more) | 2026-02-19
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
nvd
CVE-2024-40347 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 23.3 | 2024-07-20
A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.
nvd