Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-01179)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15864)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15862)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2024-52861

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-43743

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-43721

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...

CVE-2024-52836

CVE-2024-52836 affects Adobe Experience Manager (AEM) 6.5.21 and earlier, with a stored XSS vulnerability in vulnerable form fields. The underlying issue allows an attacker to inject malicious JavaScript that runs in a victim’s browser when visiting a page containing the affected field. Public de...

CVE-2024-52860

Adobe Experience Manager (AEM) v6.5.21 and earlier is affected by a DOM-based XSS vulnerability (CVE-2024-52860). The issue allows an attacker to execute arbitrary code in the victim’s browser context by manipulating a DOM element via a crafted URL or user input; exploitation requires user intera...

CVE-2024-52843

CVE-2024-52843 affects Adobe Experience Manager (AEM) 6.5.21 and earlier with a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. Exploitation could allow injection of malicious JavaScript executed in a victim’s browser when accessing the affected page. Public references ...

CVE-2024-43733

CVE-2024-43733 affects Adobe Experience Manager (AEM) 6.5.21 and earlier with a DOM-based Cross-Site Scripting (XSS) flaw. The vulnerability allows injection of malicious scripts via manipulated DOM elements using crafted URLs or user input, executing in the victim’s browser context and requiring...

CVE-2024-43744 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-54036

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-54049

Adobe Connect CVE-2024-54049 is a reflected Cross-Site Scripting (XSS) vulnerability affecting versions 12.6, 11.4.7 and earlier. The issue arises when a victim is induced to visit a URL that references a vulnerable page, allowing attacker-controlled JavaScript to execute in the victim’s browser ...

PT-2024-9939 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: A DOM-based Cross-Site Scripting XSS issue affects Adobe Experience Manager, allowing an attacker to execute arbitrary code in the context of the victim's browser session. This...

CVE-2024-54219 WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Site-Wide Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thehp AIO Contact aio-contact.This issue affects AIO Contact: from n/a through = 2.8.1...

CVE-2024-53281

CVE-2024-53281 concerns Synology Router Manager (SRM) and its Network WOL feature. The vulnerability arises from improper neutralization of input during web page generation (XSS), allowing remote authenticated users to read or write certain files containing non-sensitive data and perform limited ...

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

PT-2024-17003 · WordPress · Zooom

Name of the Vulnerable Software and Affected Versions: Zooom plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVE-2024-53823

CVE-2024-53823 involves a DOM-based cross-site scripting (XSS) vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite (WordPress plugin). The root cause is improper neutralization of input during web page generation, enabling XSS in affected pages. Affected software: The Plus A...

PT-2024-35915 · Unknown · Bold Page Builder

Name of the Vulnerable Software and Affected Versions: Bold Page Builder versions n/a through 5.2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject malicious...