Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.
CPE | Name | Operator | Version |
---|---|---|---|
experience_manager | eq | 6.1.0 | |
experience_manager | eq | 6.2.0 | |
experience_manager | eq | 6.3.0 |