Contact Forms – Drag & Drop Contact Form Builder Security Vulnerabilities

CVE-2024-20769

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-20769

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups

The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious...

CVE-2024-36213 AMS XSS - /libs/dam/gui/components/admin/assetpicker/demo/clientlibs/demo/js/demo.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36213 AMS XSS - /libs/dam/gui/components/admin/assetpicker/demo/clientlibs/demo/js/demo.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36150 AMS JS - /libs/mcm/campaign/components/touch-ui/clientlibs/core/js/PlaintextGenerator.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36150 AMS JS - /libs/mcm/campaign/components/touch-ui/clientlibs/core/js/PlaintextGenerator.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26037 DOM XSS in `libs/cq/gui/components/projects/admin/translation/job/accepttranslation/clientlibs/js/accepttranslation.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-26037 DOM XSS in `libs/cq/gui/components/projects/admin/translation/job/accepttranslation/clientlibs/js/accepttranslation.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36156 AMS XSS - /libs/cq/gui/components/coral/common/admin/timeline/clientlibs/timeline/js/events.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36156 AMS XSS - /libs/cq/gui/components/coral/common/admin/timeline/clientlibs/timeline/js/events.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36229 DOM XSS in `/libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/collection/action/action/foundation.pushstate.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36229 DOM XSS in `/libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/collection/action/action/foundation.pushstate.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-20769 AMS XSS - /libs/cq/gui/components/projects/admin/translation/customsearch/assettype/clientlibs/assettype/js/assettype.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-20769 AMS XSS - /libs/cq/gui/components/projects/admin/translation/customsearch/assettype/clientlibs/assettype/js/assettype.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36157 AMS XSS - /libs/granite/ui/components/shell/clientlibs/shell/js/badge.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36157 AMS XSS - /libs/granite/ui/components/shell/clientlibs/shell/js/badge.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26082 Stored XSS in `libs/cq/gui/components/common/admin/managepublication/clientlibs/managepublication/js/managepublication.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-34120 AMS XSS - /libs/cq/searchpromote/components/linklist/facetcontent.jsp (retest of 1914167 - not fixed)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-34120 AMS XSS - /libs/cq/searchpromote/components/linklist/facetcontent.jsp (retest of 1914167 - not fixed)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26082 Stored XSS in `libs/cq/gui/components/common/admin/managepublication/clientlibs/managepublication/js/managepublication.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26088 AMS XSS - /libs/dam/cfm/admin/clientlibs/adminpage/actions/js/managepublication.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36224 DOM XSS in `/libs/dam/gui/coral/components/admin/customsearch/savedsearch/actiondialogs/clientlibs/actiondialogs/dialogs.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36224 DOM XSS in `/libs/dam/gui/coral/components/admin/customsearch/savedsearch/actiondialogs/clientlibs/actiondialogs/dialogs.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36225 AMS XSS - /libs/dam/gui/components/admin/commons/redirecttopreviouspage/clientlibs/redirecttopreviouspage/js/redirecttopreviouspage.js (js)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36225 AMS XSS - /libs/dam/gui/components/admin/commons/redirecttopreviouspage/clientlibs/redirecttopreviouspage/js/redirecttopreviouspage.js (js)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26110 Cloud Services - /libs/cq/contexthub/components/new-segment/clientlib/wizard.new-segment.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26110 Cloud Services - /libs/cq/contexthub/components/new-segment/clientlib/wizard.new-segment.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36153 AMS XSS - /libs/cq/personalization/touch-ui/clientlibs/audiences/newFolder.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36153 AMS XSS - /libs/cq/personalization/touch-ui/clientlibs/audiences/newFolder.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36160 AMS XSS - /libs/fd/af/authoring/clientlibs/guideCommonAuthoring/js/GuidePanelEdit.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36160 AMS XSS - /libs/fd/af/authoring/clientlibs/guideCommonAuthoring/js/GuidePanelEdit.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26075 Stored XSS in `libs/dam/cfm/admin/clientlibs/v2/authoring/contenteditor/unique.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26075 Stored XSS in `libs/dam/cfm/admin/clientlibs/v2/authoring/contenteditor/unique.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36230 DOM XSS in `/libs/dam/gui/coral/components/admin/welcome/clientlibs/welcome/js/welcome.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36230 DOM XSS in `/libs/dam/gui/coral/components/admin/welcome/clientlibs/welcome/js/welcome.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-26074 Stored XSS in `libs/dam/cfm/models/editor/components/fragmentreference/clientlibs/modeleditor/js/defaultValue.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36144 AMS XSS - /libs/cq/searchpromote/components/sorting/sorting.jsp (retest of 2001313 - not fixed)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26074 Stored XSS in `libs/dam/cfm/models/editor/components/fragmentreference/clientlibs/modeleditor/js/defaultValue.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36222 DOM XSS in `/libs/dam/gui/coral/components/admin/customthumb/clientlibs/customthumb.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36222 DOM XSS in `/libs/dam/gui/coral/components/admin/customthumb/clientlibs/customthumb.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36173 AMS XSS - /libs/dam/gui/components/s7dam/videoreport/clientlibs/videosummaryreport/js/summaryreport.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36173 AMS XSS - /libs/dam/gui/components/s7dam/videoreport/clientlibs/videosummaryreport/js/summaryreport.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26060 AMS XSS - /libs/cq/inbox/gui/components/inbox/table/table.jsp (include)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26060 AMS XSS - /libs/cq/inbox/gui/components/inbox/table/table.jsp (include)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26083 Stored XSS in `libs/granite/ui/components/foundation/clientlibs/foundation/js/admin/propertiesactivator.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26083 Stored XSS in `libs/granite/ui/components/foundation/clientlibs/foundation/js/admin/propertiesactivator.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26072 DOM XSS (version 2) in `libs/granite/ui/components/shell/clientlibs/shell/js/globalnav.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36165 AMS XSS - /libs/cq/workflow/admin/console/components/clientlibs/js/dialogs/model.create.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36165 AMS XSS - /libs/cq/workflow/admin/console/components/clientlibs/js/dialogs/model.create.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...