Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
{
"severity": "Medium",
"cpes": [
"cpe:2.3:a:alfresco:alfresco:*:*:*:*:community:*:*:*",
"cpe:2.3:a:alfresco:alfresco:*:*:*:*:enterprise:*:*:*"
]
}