CVE-2014-9300
Alfresco < 5.0.a - Cross-Site Request Forgery via CMIS Browser Servlet URL Parameter
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter.
References (2)
Core 2
Core References
Exploit mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2014/Jul/72
Scores
EPSS
0.0063
EPSS Percentile
45.8%
Details
CWE
CWE-352
Status
published
Products (1)
alfresco/alfresco
< 5.0.a
Published
Dec 07, 2014
Tracked Since
Feb 18, 2026