Alfresco Share - Open Redirect

05 Jul 2026 03:01:21 | Reported by ProjectDiscovery | Type: nuclei | github.com

Alfresco Share contains an open redirect vulnerability that is triggered via a crafted POST request. Attackers can redirect users to a malicious site, leading to potential phishing attacks or sensitive info disclosure.

Related

Reporter | Title | Published | Family
Circl | CVE-2019-14223 | 26 Jan 2025 00:00 | circl
CVE | CVE-2019-14223 | 6 Sep 2019 16:04 | cve
Cvelist | CVE-2019-14223 | 6 Sep 2019 16:04 | cvelist
NVD | CVE-2019-14223 | 6 Sep 2019 17:15 | nvd
OSV | CVE-2019-14223 | 6 Sep 2019 17:15 | osv
Prion | Open redirect | 6 Sep 2019 17:15 | prion
RedhatCVE | CVE-2019-14223 | 22 May 2025 08:07 | redhatcve
VulnCheck KEV | VulnCheck KEV: CVE-2019-14223 | 22 Jan 2024 00:00 | vulncheck_kev

id: CVE-2019-14223

info:
  name: Alfresco Share - Open Redirect
  author: pdteam
  severity: medium
  description: Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the disclosure of sensitive information.
  remediation: |
    Apply the latest security patches or updates provided by Alfresco to fix the open redirect vulnerability.
  reference:
    - https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D
    - https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community
    - https://nvd.nist.gov/vuln/detail/CVE-2019-14223
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/Elsfa7-110/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2019-14223
    cwe-id: CWE-601
    epss-score: 0.04474
    epss-percentile: 0.90298
    cpe: cpe:2.3:a:alfresco:alfresco:*:*:*:*:community:*:*:*
  metadata:
    max-request: 1
    vendor: alfresco
    product: alfresco
  tags: cve,cve2019,redirect,alfresco,vkev,vuln

http:
  - method: POST
    path:
      - '{{BaseURL}}/share/page/dologin'

    body: |
      success=%2Fshare%2Fpage%2F&failure=:\\interact.sh&username=baduser&password=badpass

    headers:
      Content-Type: application/x-www-form-urlencoded
    matchers:
      - type: regex
        part: header
        regex:
          - "(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*)$"
# digest: 4a0a00473045022100a33ebac11504aa61a5ee0ce2bd143da3846475ce72620bfaeb3ec918b3d3ca190220011e7a1428333df93b2f93ce11ae58b8c92b17b93dea2824ea26b10203b9a53d:922c64590222798bb761d5b6d8e72950
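
A server-side check for the `success` and `failure` redirect parameters that the template's request exercises, written here as an added example; it is not part of the nuclei template and is not Alfresco's fix. The function names and the `/share/` allow-list are assumptions made for this illustration, and the extra sample values are constructed.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption for this example: redirects may only target paths under /share/.
ALLOWED_PREFIXES = ("/share/",)

# Form body as it appears in the template above (raw string keeps both backslashes).
TEMPLATE_BODY = (
    r"success=%2Fshare%2Fpage%2F&failure=:\\interact.sh"
    r"&username=baduser&password=badpass"
)


def is_safe_local_redirect(value: str) -> bool:
    """Accept only same-site absolute paths under an allowed prefix.

    `value` is the already URL-decoded form field.
    """
    # Browsers treat "\" like "/" in URLs, so normalise before inspecting.
    normalised = value.replace("\\", "/")
    # Control characters (CR, LF, tab, DEL) allow header splitting or are
    # silently stripped by browsers, which changes how the target is parsed.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in normalised):
        return False
    # Require a single leading slash. This rejects scheme-relative targets
    # ("//host", "\\host", "/\host") and anything starting with a scheme or ":".
    if not normalised.startswith("/") or normalised.startswith("//"):
        return False
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        return False
    return parts.path.startswith(ALLOWED_PREFIXES)


def check_login_form(body: str) -> dict:
    """Validate both redirect fields of a urlencoded login form body."""
    fields = parse_qs(body, keep_blank_values=True)
    # A missing field is treated as unsafe so the caller falls back to a default.
    return {
        name: all(is_safe_local_redirect(v) for v in fields.get(name, [""]))
        for name in ("success", "failure")
    }


if __name__ == "__main__":
    print(check_login_form(TEMPLATE_BODY))
```

When a field fails the check, the application should redirect to a fixed default page instead of echoing the supplied value into `Location`.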

04 Feb 2026 07:00 (current)
Vulners AI Score: 6.4 (Medium risk)
CVSS 2: 5.8
CVSS 3.1: 6.1
EPSS: 0.04474