We found 3 different vulnerabilities in Alfresco Community Edition version 5.
1. Stored XSS
A stored XSS has been discovered in the task part.
While displaying the details of a task in a workflow, the data concerning the Owner are not properly sanitized. If the owner has placed an XSS in their name, the user viewing the page executes the code.
> page : page/task-details?taskId=activiti%[ID]&referrer=workflows
> injection in : Owner
2. Reflected XSS
An XSS injection is possible in the login page by using the error GET parameter.
> page : page/?error=[XSS_HERE]
> injection in : error GET parameter
3. Reflected XSS
> page : proxy/alfresco/slingshot/node/content/workspace/SpacesStore/[ID]/system-overview.html
> injection in : the file
If you need more details, don't hesitate to contact me.
When patched, we'd like to make a CVE.
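
The following is an added example, not part of the original report and not Alfresco code: a defensive sketch of output handling for the three sinks listed above (the Owner field, the `error` GET parameter, and an HTML file served from the application origin). All function names, the owner object shape, and the error keys are assumptions made for illustration.

```javascript
'use strict';
// Hypothetical helpers for the three sinks in the report; not Alfresco code.

// 1. Task "Owner" field: HTML-encode stored profile data at output time.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}
function renderOwner(owner) { // owner shape {firstName, lastName} is assumed
  const name = escapeHtml(`${owner.firstName} ${owner.lastName}`);
  return `<span class="task-owner" title="${name}">${name}</span>`;
}

// 2. Login "error" parameter: never echo the value; use it only as a
//    lookup key into fixed messages (keys below are constructed).
const LOGIN_ERRORS = new Map([
  ['auth', 'Login failed. Check your user name and password.'],
  ['session', 'Your session has expired. Please log in again.'],
]);
const GENERIC_ERROR = 'Login failed.';
function loginErrorMessage(queryString) {
  const key = new URLSearchParams(queryString).get('error');
  if (key === null) return '';
  return LOGIN_ERRORS.get(key) || GENERIC_ERROR;
}

// 3. Stored file content: types a browser would execute are downgraded to
//    a download, and every response forbids sniffing and script execution.
const ACTIVE_TYPES = new Set([
  'text/html', 'application/xhtml+xml', 'image/svg+xml', 'text/xml', 'application/xml',
]);
function contentHeaders(filename, mimeType) {
  const base = mimeType.split(';')[0].trim().toLowerCase();
  const active = ACTIVE_TYPES.has(base);
  const safeName = filename.replace(/[^\w.\-]/g, '_');
  return {
    'Content-Type': active ? 'application/octet-stream' : mimeType,
    'Content-Disposition': `${active ? 'attachment' : 'inline'}; filename="${safeName}"`,
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "sandbox; default-src 'none'",
  };
}
```
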