CVE-2014-2939

Alfresco < 4.1.6 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit.

References (1)

[US Government Resource] http://www.kb.cert.org/vuls/id/537684

Scores

EPSS 0.0059

EPSS Percentile 68.9%

Details

CWE

CWE-79

Status published

Products (2)

alfresco/alfresco < 4.1.6

n/a/n/a

Published Jun 02, 2014

Tracked Since Feb 18, 2026