CVE-2021-41791

Cross-site scripting filter evasion in Alfresco Content Services

Discovered by Jack Misiura and Stefano Lanaro on behalf of The Missing Link Security

Vulnerability Details

The attack allows threat actors to bypass the various cross-site scripting filter protections, allowing for stored cross-site scripting attacks to be launched against the web application.

Affected Versions

5.0.x.x up to (including) 5.2.7.11

6.0.0.x up to (including) 6.2.2.4

6.0.x.x up to (including) 6.0.1.2

6.1.x.x up to (including) 6.1.1.2

7.0, 7.0.0.1, 7.0.0.2, 7.0.1.0 up to (including 7.0.1.2)

Community – prior to (including) 7.0

Fixed Versions

Either upgrade to Alfresco Content Services 7.1 or install appropriate hotfix for older versions.

Latest News