CVE-2025-0557 MEDIUM

CVE-2025-0557: Hyland Alfresco Community Edition URL s cross site scripting

Vendor Hyland
Product Alfresco Community Edition
Weakness CWE-79 · XSS
Published January 18, 2025
Last update January 21, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in Hyland Alfresco Community Edition and Alfresco Enterprise Edition up to 6.2.2. This affects an unknown part of the file /share/s/ of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0 is able to address this issue. It is recommended to upgrade the affected component.

Key dates

02Disclosure timeline

January 18, 2025 CVE published
January 21, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-23434 WordPress Easy EU Cookie law plugin <= 1.3.3.1 - Stored Cross Site Scripting (XSS) vulnerability CVE-2020-15249 Stored XSS by authenticated backend user with access to upload files CVE-2023-0015 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence) CVE-2024-30201 WordPress WP Smart Import plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-53368 Citizen is vulnerable to stored XSS attack in the legacy search bar