8 matches found
EUVD-2022-1849
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
acs-aem-commons is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious script via the a and b GET parameters in page compare when a victim with access to AEM Author visits the page...
Page Compare Reflected Cross-site Scripting (XSS) vulnerability
Impact: ACS Commons version 5.1.x and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitized. An attacker must provide a...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ACS Commons version 5.1.x and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to...
CVE-2022-28820
ACS Commons version 5.1.x and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to...
CVE-2022-28820
ACS Commons version 5.1.x and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to...
Cross site scripting
ACS Commons version 5.1.x and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to...
CVE-2022-28820
ACS Commons 5.1.x and earlier are affected by a Reflected Cross-site Scripting (XSS) in the /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input is not validated or sanitized, enabling an attacker who can supply a link to a user with AEM Author access to...