CVE-2014-9300

Alfresco < 5.0.a - Cross-Site Request Forgery via CMIS Browser Servlet URL Parameter

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter.

Scores

EPSS 0.0063
EPSS Percentile 45.8%

Details

CWE
CWE-352
Status published
Products (1)
alfresco/alfresco < 5.0.a
Published Dec 07, 2014
Tracked Since Feb 18, 2026