CVE-2021-41971

Cross-site scripting filter evasion in Alfresco Content Services

Discovered by Jack Misiura and Stefano Lanaro on behalf of The Missing Link Security

Vulnerability Details

The attack allows threat actors to bypass the various cross-site scripting filter protections, allowing for stored cross-site scripting attacks to be launched against the web application.

Affected Versions

5.0.x.x up to (including) 5.2.7.11

6.0.0.x up to (including) 6.2.2.4

6.0.x.x up to (including) 6.0.1.2

6.1.x.x up to (including) 6.1.1.2

7.0, 7.0.0.1, 7.0.0.2, 7.0.1.0 up to (including 7.0.1.2)

Community – prior to (including) 7.0

Fixed Versions

Either upgrade to Alfresco Content Services 7.1 or install appropriate hotfix for older versions.

Latest News

5 Microsoft Power Platform Benefits That Will Transform Your Business

5 Key Takeaways from Early Adopters of Microsoft 365 Copilot

The Missing Link is recognised as Premier Service Delivery Partner by Netskope

See All News