CVE-2024-41878

2024-08-2317:15:09

CWE-79

[email protected]

web.nvd.nist.gov

adobe experience manager

cross-site scripting

user interaction

dom-based

browser session

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

18.1%

JSON

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.

Affected configurations

Nvd

Node

adobeexperience_managerRange<6.5.20.0

adobeexperience_managerRange<2024.03aem_cloud_service

VendorProductVersionCPE
adobeexperience_manager*cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
adobeexperience_manager*cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*

Vendor	Product	Version	CPE
adobe	experience_manager	*	cpe:2.3:a:adobe:experience_manager::::::::
adobe	experience_manager	*	cpe:2.3:a:adobe:experience_manager:::::aem_cloud_service:::*