WordPress Backend Customizer – Everest Admin Theme Lite Security Vulnerabilities

CVE-2024-36165 AMS XSS - /libs/cq/workflow/admin/console/components/clientlibs/js/dialogs/model.create.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36220 DOM XSS in `libs/cq/gui/components/siteadmin/admin/foundpages/clientlibs/predicatebreadcrumbs.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-36220 DOM XSS in `libs/cq/gui/components/siteadmin/admin/foundpages/clientlibs/predicatebreadcrumbs.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-36204 AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/clientlibs/folderschemaforms/js/formdetails.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36204 AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/clientlibs/folderschemaforms/js/formdetails.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36175 AMS XSS - /libs/cq/gui/components/siteadmin/admin/components/clientlibs/js/liveusage.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36175 AMS XSS - /libs/cq/gui/components/siteadmin/admin/components/clientlibs/js/liveusage.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36205 AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/formbuilder/v2/clientlibs/js/formdetails.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36205 AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/formbuilder/v2/clientlibs/js/formdetails.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26093 AMS XSS - /libs/cq/gui/components/projects/admin/clientlibs/taskmanagement/js/taskmanagement.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

CVE-2024-26093 AMS XSS - /libs/cq/gui/components/projects/admin/clientlibs/taskmanagement/js/taskmanagement.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

CVE-2024-26123 AMS XSS - /libs/fd/fm/gui/components/admin/adddictionary/clientlibs/js/adddictionary.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26095 AMS XSS - /libs/cq/gui/components/projects/admin/taskdetails/clientlibs/js/taskdetails.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26095 AMS XSS - /libs/cq/gui/components/projects/admin/taskdetails/clientlibs/js/taskdetails.js (JS)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36234 DOM XSS in `libs/cq/gui/components/projects/admin/pim/clientlibs/shotlist/js/shotlist.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36234 DOM XSS in `libs/cq/gui/components/projects/admin/pim/clientlibs/shotlist/js/shotlist.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36170 AMS XSS - /libs/fd/fm/gui/components/admin/changeguidetemplate/clientlibs/changeguidetemplate/js/changeguidetemplate.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36170 AMS XSS - /libs/fd/fm/gui/components/admin/changeguidetemplate/clientlibs/changeguidetemplate/js/changeguidetemplate.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36171 AMS XSS - /libs/cq/experience-fragments/components/admin/smlogin/clientlib/smlogin.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36201 AMS XSS - /libs/fd/fm/gui/components/admin/clientlibs/admin/js/admin.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36171 AMS XSS - /libs/cq/experience-fragments/components/admin/smlogin/clientlib/smlogin.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36201 AMS XSS - /libs/fd/fm/gui/components/admin/clientlibs/admin/js/admin.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36184 AMS XSS - /libs/dam/gui/coral/components/admin/references/assetlanguagecopy/clientlibs/assetlanguagecopy/js/assetlanguagecopy.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36184 AMS XSS - /libs/dam/gui/coral/components/admin/references/assetlanguagecopy/clientlibs/assetlanguagecopy/js/assetlanguagecopy.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-26039 DOM XSS in `libs/cq/gui/components/projects/admin/translation/job/cancel/translationpage/clientlibs/js/canceltranslationpage.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-26039 DOM XSS in `libs/cq/gui/components/projects/admin/translation/job/cancel/translationpage/clientlibs/js/canceltranslationpage.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-36218 AMS XSS - /libs/cq/gui/components/projects/admin/pod/dashboard/translationjobpod/body/body.jsp (original report 1909967 was closed )

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36218 AMS XSS - /libs/cq/gui/components/projects/admin/pod/dashboard/translationjobpod/body/body.jsp (original report 1909967 was closed )

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36194 Stored XSS in `libs/dam/gui/coral/components/admin/clientlibs/admin/js/action.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36194 Stored XSS in `libs/dam/gui/coral/components/admin/clientlibs/admin/js/action.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36228 DOM XSS in `/libs/dam/gui/components/admin/assetview/pagesnavigator/clientlibs/navigator.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-36228 DOM XSS in `/libs/dam/gui/components/admin/assetview/pagesnavigator/clientlibs/navigator.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-36169 AMS XSS - /libs/fd/cm/ma/gui/components/admin/createasset/textcontrol/clientlibs/textcontrol/js/textcontrol.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36169 AMS XSS - /libs/fd/cm/ma/gui/components/admin/createasset/textcontrol/clientlibs/textcontrol/js/textcontrol.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36174 AMS XSS - /libs/cq/gui/components/siteadmin/admin/components/clientlibs/js/policies.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36174 AMS XSS - /libs/cq/gui/components/siteadmin/admin/components/clientlibs/js/policies.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36200 AMS XSS - /libs/cq/gui/components/siteadmin/admin/listview/columns/configurecolumns.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36200 AMS XSS - /libs/cq/gui/components/siteadmin/admin/listview/columns/configurecolumns.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26121 AMS XSS - /libs/cq/gui/components/projects/admin/clientlibs/projects/js/projects.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36146 AMS XSS - /libs/cq/workflow/admin/console/components/clientlibs/js/dialogs/model.delete.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26121 AMS XSS - /libs/cq/gui/components/projects/admin/clientlibs/projects/js/projects.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36146 AMS XSS - /libs/cq/workflow/admin/console/components/clientlibs/js/dialogs/model.delete.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26070 AMS XSS - /libs/dam/cfm/admin/components/metadata/thumbnail/thumbnail.jsp (6.5.18 retest 1816530 - new issue)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26070 AMS XSS - /libs/dam/cfm/admin/components/metadata/thumbnail/thumbnail.jsp (6.5.18 retest 1816530 - new issue)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26036 Stored XSS in `libs/cq/gui/components/projects/admin/translation/customsearch/assettype/clientlibs/assettype/js/assettype.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26036 Stored XSS in `libs/cq/gui/components/projects/admin/translation/customsearch/assettype/clientlibs/assettype/js/assettype.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36183 DOM XSS in `libs/cq/gui/components/siteadmin/admin/unpublishwizard/clientlibs/js/wizard.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36183 DOM XSS in `libs/cq/gui/components/siteadmin/admin/unpublishwizard/clientlibs/js/wizard.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36214 Cloud Services XSS - /libs/dam/gui/components/admin/processingprofiles/clientlibs/processingprofiles/editprofile.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36214 Cloud Services XSS - /libs/dam/gui/components/admin/processingprofiles/clientlibs/processingprofiles/editprofile.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...