CVE-2024-36146 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36146

Adobe Experience Manager 6.5.20 and earlier are affected by a stored XSS in vulnerable form fields. Malicious JavaScript can execute in a user’s browser when they view a page with the vulnerable field. Remediation: apply the APSB24-28 updates (AEM 6.5.21+ per advisories/patch notes).

CVE-2024-26121

Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The underlying issue allows an attacker to inject malicious scripts that may be executed in a victim’s browser when visiting a page containing the vulnera...

CVE-2024-34119 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-34119

Adobe Experience Manager (AEM) versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows injection of malicious JavaScript that can execute in a victim’s browser when the page containing the field is loaded or interac...

CVE-2024-34119 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26070

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing attacker-supplied JavaScript to execute in a victim’s browser when visiting the page containing the field. Connected sources confirm the produ...

CVE-2024-36159 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26036

Adobe Experience Manager (AEM) 6.5.20 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields (CVE-2024-26036). An attacker could inject malicious JavaScript that executes in a victim’s browser when visiting a page containing the vulnerable field. AE...

CVE-2024-36202

Adobe Experience Manager (AEM) versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. Malicious JavaScript can execute in a victim’s browser when visiting pages with the crafted payload. The CVE is CVE-2024-36202 (CWE-79) with a CV...

CVE-2024-36202 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36141

CVE-2024-36141 affects Adobe Experience Manager (AEM) 6.5.20 and earlier. The described vulnerability is a stored Cross-Site Scripting (XSS) flaw in vulnerable form fields, allowing a low-privileged attacker to inject malicious scripts that may execute in a victim’s browser when visiting the affe...

CVE-2024-26089

CVE-2024-26089 affects Adobe Experience Manager (AEM) versions 6.5.20 and earlier and is described as a DOM-based Cross-Site Scripting (XSS) vulnerability (CWE-79) that could allow an attacker to execute arbitrary JavaScript in a victim’s browser context. The exploitation requires user interactio...

CVE-2024-36197 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

CVE-2024-36180 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36180

Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The flaw could allow an attacker to inject malicious JavaScript, which may be executed in a victim’s browser when visiting the page containing the vulnera...

CVE-2024-36216

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that can be exploited when a victim is lured to a crafted URL, allowing arbitrary JavaScript to run in the user’s browser. The issue targets the AEM web frontend and arises fr...

CVE-2024-36216 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVE-2024-36164

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross‑Site Scripting (XSS) vulnerability in vulnerable form fields. The underlying issue allows an attacker to inject malicious JavaScript, which is executed in a victim’s browser when visiting a page containing the vul...

CVE-2024-36158 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...