3250 matches found
CVE-2024-36166 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36172 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36182 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36182
CVE-2024-36182 affects Adobe Experience Manager (AEM) 6.5.20 and earlier. The vulnerability is a stored Cross-Site Scripting (XSS) in vulnerable form fields, allowing injection of malicious JavaScript that runs in a victim’s browser when visiting pages containing those fields. The CVE is linked t...
CVE-2024-36152 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36176
Adobe Experience Manager 6.5.20 and earlier are affected by a stored XSS vulnerability in vulnerable form fields, enabling malicious JavaScript execution in a victim’s browser when visiting pages containing those fields. Root cause: DOM/Stored XSS in user-supplied input. Affected product: AEM 6.5...
CVE-2024-36191 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26068 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26068
Adobe Experience Manager 6.5.20 and earlier are affected by a stored XSS vulnerability in vulnerable form fields. The underlying issue allows attacker‑supplied scripts to execute in a victim’s browser when visiting a page containing the vulnerable field. Exploitation requires user interaction and...
CVE-2024-36185 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26081
CVE-2024-26081 affects Adobe Experience Manager 6.5.20 and earlier. It is a stored XSS vulnerability: an attacker could inject malicious scripts into vulnerable form fields, with JavaScript executed in the victim’s browser when loading the page. The issue is confirmed by multiple sources and has ...
CVE-2024-36195
CVE-2024-36195 affects Adobe Experience Manager 6.5.20 and earlier with a stored XSS in vulnerable form fields. The stored payload can execute JavaScript in a victim’s browser when visiting the page containing the field (per NVD description). CVSS 3.1 base score is 5.4 (Medium) with network attac...
CVE-2024-36199
CVE-2024-36199 affects Adobe Experience Manager versions 6.5.20 and earlier. It is a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields that can let an attacker inject JavaScript, which would execute in a victim’s browser when they visit the affected page. The CVSSv3.1 base...
CVE-2024-36161 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36161
Adobe Experience Manager 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2024-36161) in vulnerable form fields. The issue allows injection of malicious JavaScript that can execute in the victim’s browser when visiting a page containing the affected field....
CVE-2024-36232 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
Cross-Site Scripting (XSS)
inveniocommunities is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to inadequate sanitization of the Affiliations field during the account registration process, allowing attackers to inject and execute malicious scripts...
Cross Site Scripting(XSS)
summernote is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient input validation and sanitization of user-provided content, allowing malicious scripts to be executed within the context of the application when viewed in code mode...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site scripting XSS. The vulnerability is caused by improper user input encoding when using templates in the built-in Fluid ViewHelpers, which allows an attacker to inject malicious scripts into the browser...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insecurely encoding information from external sources in language pack handling, which allows attackers to execute malicious scripts in the context of the user’s browser...