13503 matches found
Liferay Portal & DXP - Cross-Site Scripting
Liferay Portal 7.4.0 through 7.4.3.133 and Liferay DXP 2024.Q1.1 through 2025.Q1.4 contain a reflected XSS caused by improper sanitization in entrycoverimagecaption.jsp, letting remote non-authenticated attackers inject JavaScript. id: CVE-2025-4576 info: name: Liferay Portal & DXP - Cross-Site...
Adobe Experience Manager ≤ 6.5.23.0 - XML Injection
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...
CVE-2026-48355
Adobe Experience Manager is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the...
CVE-2026-48359
Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...
CVE-2026-48262
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...
CVE-2026-48310
Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access...
CVE-2026-48253
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...
CVE-2026-48260
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...
CVE-2026-48261
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...
CVE-2026-48252
Adobe Experience Manager is affected by a Missing Authentication for Critical Function vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not...
CVE-2026-48254
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...
CVE-2026-48257
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...
CVE-2026-48255
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...
CVE-2026-48259
Adobe Experience Manager is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could leverage this vulnerability to issue unauthorized server-side requests, potentially gaining...
CVE-2026-48310
Adobe Experience Manager (AEM) is affected by an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal, CWE-22) vulnerability that could enable arbitrary file system read. The issue arises from an improper pathname restriction, allowing access to sensitive files outside the ...
CVE-2026-48259
Adobe Experience Manager is affected by a Server-Side Request Forgery (SSRF) vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires no user interaction, with a low-privileged attacker potentially issuing unauthorized server-side requests ...
CVE-2026-48259 Adobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918)
Adobe Experience Manager is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could leverage this vulnerability to issue unauthorized server-side requests, potentially gaining...
CVE-2026-48359 Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...
CVE-2026-48359
Adobe Experience Manager is affected by an XML External Entity (XXE) vulnerability (CVE-2026-48359) due to improper restriction of XML External Entity references. It could allow a low-privileged attacker to read sensitive files and potentially gain elevated access or control, with arbitrary code ...
CVE-2026-48263
CVE-2026-48263 : Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privileged attacker to inject malicious scripts, which may execute in a victim’s browser when visiting a page containing the vulnerable fiel...