BIG-IP, Enterprise Manager Security Vulnerabilities

CVE-2024-36220 DOM XSS in `libs/cq/gui/components/siteadmin/admin/foundpages/clientlibs/predicatebreadcrumbs.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-36204 AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/clientlibs/folderschemaforms/js/formdetails.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36204 AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/clientlibs/folderschemaforms/js/formdetails.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36215 AMS XSS - /libs/granite/operations/clientlibs/maintenance/js/maintenance-tasks.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36215 AMS XSS - /libs/granite/operations/clientlibs/maintenance/js/maintenance-tasks.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26053 DOM XSS in `/libs/cq/personalization/touch-ui/clientlibs/audiences/newFolder.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-26053 DOM XSS in `/libs/cq/personalization/touch-ui/clientlibs/audiences/newFolder.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-36217 AMS XSS - /libs/granite/oauth/clientlibs/oauth/js/oauth.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36217 AMS XSS - /libs/granite/oauth/clientlibs/oauth/js/oauth.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36147 AMS XSS - /libs/cq/experience-fragments/components/xfconfigpathbrowser/clientlib/clientlib.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36147 AMS XSS - /libs/cq/experience-fragments/components/xfconfigpathbrowser/clientlib/clientlib.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36196 Stored XSS in `libs/dam/components/scene7/dynamicmedia/clientlibs/dynamicmedia/js/init.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36196 Stored XSS in `libs/dam/components/scene7/dynamicmedia/clientlibs/dynamicmedia/js/init.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36154 AMS XSS - /libs/social/enablement/components/clientlibs/assetselector/assetselector.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36154 AMS XSS - /libs/social/enablement/components/clientlibs/assetselector/assetselector.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36175 AMS XSS - /libs/cq/gui/components/siteadmin/admin/components/clientlibs/js/liveusage.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36175 AMS XSS - /libs/cq/gui/components/siteadmin/admin/components/clientlibs/js/liveusage.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36205 AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/formbuilder/v2/clientlibs/js/formdetails.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36205 AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/formbuilder/v2/clientlibs/js/formdetails.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36179 AMS XSS - /libs/cq/inbox/gui/components/inbox/clientlibs/inbox/js/inbox.header.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36179 AMS XSS - /libs/cq/inbox/gui/components/inbox/clientlibs/inbox/js/inbox.header.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26092 AMS XSS - /libs/cq/experience-fragments/components/experiencefragment/clientlibs/xfconsole/xfconsole.js (js)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26092 AMS XSS - /libs/cq/experience-fragments/components/experiencefragment/clientlibs/xfconsole/xfconsole.js (js)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26093 AMS XSS - /libs/cq/gui/components/projects/admin/clientlibs/taskmanagement/js/taskmanagement.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

CVE-2024-26093 AMS XSS - /libs/cq/gui/components/projects/admin/clientlibs/taskmanagement/js/taskmanagement.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

CVE-2024-36192 Stored XSS in `libs/dam/gui/components/s7dam/profiles/videoprofiles/clientlibs/videoprofiles/editprofile.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36207 AMS XSS - /libs/cq/address/components/addressbook/clientlib/addressbook.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36192 Stored XSS in `libs/dam/gui/components/s7dam/profiles/videoprofiles/clientlibs/videoprofiles/editprofile.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36207 AMS XSS - /libs/cq/address/components/addressbook/clientlib/addressbook.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26123 AMS XSS - /libs/fd/fm/gui/components/admin/adddictionary/clientlibs/js/adddictionary.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26095 AMS XSS - /libs/cq/gui/components/projects/admin/taskdetails/clientlibs/js/taskdetails.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26095 AMS XSS - /libs/cq/gui/components/projects/admin/taskdetails/clientlibs/js/taskdetails.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36189 Stored XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/form/response/ui/success/foundation.redirect.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36189 Stored XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/form/response/ui/success/foundation.redirect.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36234 DOM XSS in `libs/cq/gui/components/projects/admin/pim/clientlibs/shotlist/js/shotlist.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36234 DOM XSS in `libs/cq/gui/components/projects/admin/pim/clientlibs/shotlist/js/shotlist.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36143 AMS XSS - /libs/fd/dashboard/tm/gui/components/startpoint/formview/formview.jsp (retest of 2120595 - not fixed)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36143 AMS XSS - /libs/fd/dashboard/tm/gui/components/startpoint/formview/formview.jsp (retest of 2120595 - not fixed)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36188 Stored XSS in `libs/cq/gui/components/common/wcm/clientlibs/wcm/js/pagethumbnail.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36188 Stored XSS in `libs/cq/gui/components/common/wcm/clientlibs/wcm/js/pagethumbnail.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36181 DOM XSS in `libs/dam/gui/components/s7dam/smartcroprenditions/clientlibs/smartcroprenditions/smartcroplist.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

CVE-2024-36181 DOM XSS in `libs/dam/gui/components/s7dam/smartcroprenditions/clientlibs/smartcroprenditions/smartcroplist.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

CVE-2024-36190 DOM XSS in `libs/granite/security/clientlibs/v2/groupeditor/js/GroupEditor.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36190 DOM XSS in `libs/granite/security/clientlibs/v2/groupeditor/js/GroupEditor.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36231 DOM XSS in `/libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/content/history.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36231 DOM XSS in `/libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/content/history.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36170 AMS XSS - /libs/fd/fm/gui/components/admin/changeguidetemplate/clientlibs/changeguidetemplate/js/changeguidetemplate.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36170 AMS XSS - /libs/fd/fm/gui/components/admin/changeguidetemplate/clientlibs/changeguidetemplate/js/changeguidetemplate.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36171 AMS XSS - /libs/cq/experience-fragments/components/admin/smlogin/clientlib/smlogin.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36201 AMS XSS - /libs/fd/fm/gui/components/admin/clientlibs/admin/js/admin.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...