Alfresco is a collection of information management software products for Microsoft Windows and Unix-like operating systems developed by Alfresco Software Inc. using Java technology.
Reflected Cross Site Scripting (XSS) vulnerability exists in Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API, which allows a remote attacker to inject arbitrary JavaScript.
Date: 03 March 2022
Software Link: https://www.alfresco.com
Exploit Author: Chakrit Sangsakul, Pongpol Phaiaroonrut, Thanavit Chongsutakawewong
CVE: CVE-2020-18327 \