WordPress Backend Customizer – Everest Admin Theme Lite Security Vulnerabilities

CVE-2024-36171 AMS XSS - /libs/cq/experience-fragments/components/admin/smlogin/clientlib/smlogin.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36201 AMS XSS - /libs/fd/fm/gui/components/admin/clientlibs/admin/js/admin.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36184 AMS XSS - /libs/dam/gui/coral/components/admin/references/assetlanguagecopy/clientlibs/assetlanguagecopy/js/assetlanguagecopy.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-36184 AMS XSS - /libs/dam/gui/coral/components/admin/references/assetlanguagecopy/clientlibs/assetlanguagecopy/js/assetlanguagecopy.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

CVE-2024-26039 DOM XSS in `libs/cq/gui/components/projects/admin/translation/job/cancel/translationpage/clientlibs/js/canceltranslationpage.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-26039 DOM XSS in `libs/cq/gui/components/projects/admin/translation/job/cancel/translationpage/clientlibs/js/canceltranslationpage.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-36218 AMS XSS - /libs/cq/gui/components/projects/admin/pod/dashboard/translationjobpod/body/body.jsp (original report 1909967 was closed )

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36218 AMS XSS - /libs/cq/gui/components/projects/admin/pod/dashboard/translationjobpod/body/body.jsp (original report 1909967 was closed )

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36194 Stored XSS in `libs/dam/gui/coral/components/admin/clientlibs/admin/js/action.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36194 Stored XSS in `libs/dam/gui/coral/components/admin/clientlibs/admin/js/action.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36228 DOM XSS in `/libs/dam/gui/components/admin/assetview/pagesnavigator/clientlibs/navigator.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-36228 DOM XSS in `/libs/dam/gui/components/admin/assetview/pagesnavigator/clientlibs/navigator.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-36169 AMS XSS - /libs/fd/cm/ma/gui/components/admin/createasset/textcontrol/clientlibs/textcontrol/js/textcontrol.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36169 AMS XSS - /libs/fd/cm/ma/gui/components/admin/createasset/textcontrol/clientlibs/textcontrol/js/textcontrol.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36174 AMS XSS - /libs/cq/gui/components/siteadmin/admin/components/clientlibs/js/policies.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36174 AMS XSS - /libs/cq/gui/components/siteadmin/admin/components/clientlibs/js/policies.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36200 AMS XSS - /libs/cq/gui/components/siteadmin/admin/listview/columns/configurecolumns.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36200 AMS XSS - /libs/cq/gui/components/siteadmin/admin/listview/columns/configurecolumns.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26121 AMS XSS - /libs/cq/gui/components/projects/admin/clientlibs/projects/js/projects.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36146 AMS XSS - /libs/cq/workflow/admin/console/components/clientlibs/js/dialogs/model.delete.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26121 AMS XSS - /libs/cq/gui/components/projects/admin/clientlibs/projects/js/projects.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36146 AMS XSS - /libs/cq/workflow/admin/console/components/clientlibs/js/dialogs/model.delete.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26070 AMS XSS - /libs/dam/cfm/admin/components/metadata/thumbnail/thumbnail.jsp (6.5.18 retest 1816530 - new issue)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26070 AMS XSS - /libs/dam/cfm/admin/components/metadata/thumbnail/thumbnail.jsp (6.5.18 retest 1816530 - new issue)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26036 Stored XSS in `libs/cq/gui/components/projects/admin/translation/customsearch/assettype/clientlibs/assettype/js/assettype.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26036 Stored XSS in `libs/cq/gui/components/projects/admin/translation/customsearch/assettype/clientlibs/assettype/js/assettype.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36183 DOM XSS in `libs/cq/gui/components/siteadmin/admin/unpublishwizard/clientlibs/js/wizard.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36183 DOM XSS in `libs/cq/gui/components/siteadmin/admin/unpublishwizard/clientlibs/js/wizard.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36214 Cloud Services XSS - /libs/dam/gui/components/admin/processingprofiles/clientlibs/processingprofiles/editprofile.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36214 Cloud Services XSS - /libs/dam/gui/components/admin/processingprofiles/clientlibs/processingprofiles/editprofile.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36163 AMS XSS - /libs/cq/gui/components/common/admin/navigationpanel/toolbar/actiondialogs/clientlibs/actiondialogs/dialogs.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36163 AMS XSS - /libs/cq/gui/components/common/admin/navigationpanel/toolbar/actiondialogs/clientlibs/actiondialogs/dialogs.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36193 Stored XSS in `libs/cq/gui/components/siteadmin/admin/publishwizard/clientlibs/js/wizard.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36193 Stored XSS in `libs/cq/gui/components/siteadmin/admin/publishwizard/clientlibs/js/wizard.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36187 Stored XSS in `libs/fd/fmaddon/gui/components/admin/afanalytics/clientlibs/afanalytics/js/afanalytics.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36187 Stored XSS in `libs/fd/fmaddon/gui/components/admin/afanalytics/clientlibs/afanalytics/js/afanalytics.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26077 Stored XSS in `libs/dam/cfm/admin/clientlibs/v2/authoring/contenteditor/validators.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26077 Stored XSS in `libs/dam/cfm/admin/clientlibs/v2/authoring/contenteditor/validators.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36166 AMS XSS - /libs/cq/gui/components/siteadmin/admin/foundpages/clientlibs/predicatebreadcrumbs.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36166 AMS XSS - /libs/cq/gui/components/siteadmin/admin/foundpages/clientlibs/predicatebreadcrumbs.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36182 Stored XSS in `libs/dam/gui/coral/components/admin/timeline/clientlibs/timeline/js/events.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36182 Stored XSS in `libs/dam/gui/coral/components/admin/timeline/clientlibs/timeline/js/events.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26054 Stored XSS in `/libs/cq/workflow/admin/console/components/launchers/clientlibs/js/launcher.delete.action.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-26058 DOM XSS in `/libs/cq/gui/components/projects/admin/pod/translationjobpod/clientlibs/js/translationjobpod.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-26058 DOM XSS in `/libs/cq/gui/components/projects/admin/pod/translationjobpod/clientlibs/js/translationjobpod.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

CVE-2024-26054 Stored XSS in `/libs/cq/workflow/admin/console/components/launchers/clientlibs/js/launcher.delete.action.js`

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36219 AMS XSS - /libs/dam/gui/components/admin/assetview/assetview.jsp

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36219 AMS XSS - /libs/dam/gui/components/admin/assetview/assetview.jsp

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36191 AMS XSS - /libs/dam/gui/components/admin/csv/edit/clientlibs/edit/js/edit.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

CVE-2024-36191 AMS XSS - /libs/dam/gui/components/admin/csv/edit/clientlibs/edit/js/edit.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...