Lucene search
K
AdobeExperience Manager

1148 matches found

CVE
CVE
added 2019/08/16 4:3 p.m.282 views

CVE-2019-7964

CVE-2019-7964 affects Adobe Experience Manager (AEM) versions 6.4 and 6.5 . The connected documents describe a vulnerability in the Security Assertion Markup Language (SAML) handler that constitutes an authentication bypass , which could permit an attacker to gain unauthorized access to the AEM e...

10CVSS9.7AI score0.10217EPSS
CVE
CVE
added 2020/01/15 4:15 p.m.196 views

CVE-2019-16469

Adobe Experience Manager (AEM) is affected by an expression language injection vulnerability (CVE-2019-16469) across AEM 6.0–6.5. The Nuclei template corroborates the affected versions and states successful exploitation could lead to sensitive information disclosure. Root cause: expression langua...

7.5CVSS7.2AI score0.17186EPSS
CVE
CVE
added 2016/02/10 8:0 p.m.140 views

CVE-2016-0956

CVE-2016-0956 affects the Apache Sling Servlets Post component (version 2.3.6) used by Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0. The issue is an information-disclosure vulnerability in Sling Post 2.3.6 allowing remote attackers to obtain sensitive information via unspecified vectors. APSB...

7.8CVSS7AI score0.46187EPSS
Web
CVE
CVE
added 2016/02/10 8:0 p.m.124 views

CVE-2016-0957

Adobe Experience Manager Dispatcher vulnerability CVE-2016-0957 affects Dispatcher before 4.1.5 used with AEM 5.6.1, 6.0.0, and 6.1.0. The flaw is a URL filter bypass that allows remote attackers to bypass Dispatcher rules via unspecified vectors, potentially bypassing security controls. Mitigati...

7.8CVSS7.4AI score0.5071EPSS
CVE
CVE
added 2019/07/18 9:48 p.m.116 views

CVE-2019-7955

CVE-2019-7955 is a reflected cross-site scripting vulnerability affecting Adobe Experience Manager 6.4 and earlier. The Red Hat and NVD entries corroborate that exploitation can lead to sensitive information disclosure in the context of the current user. Exploitation is network-based with user in...

6.1CVSS5.8AI score0.02118EPSS
CVE
CVE
added 2022/09/30 4:55 p.m.115 views

CVE-2022-28851

CVE-2022-28851 affects Adobe Experience Manager 6.5.13.0 and earlier with a reflected XSS vulnerability. Exploit requires low privileges and user interaction; malicious script runs in the victim’s browser via a crafted URL. Connected sources confirm related Adobe APSB updates for AEM (APSB22-59) ...

5.4CVSS5AI score0.36756EPSS
CVE
CVE
added 2019/10/25 3:17 p.m.112 views

CVE-2019-8086

Adobe Experience Manager is affected by an XML External Entity (XXE) injection (CVE-2019-8086) in AEM 6.2–6.5. The vulnerability stems from improper handling of XML external entities, potentially enabling an attacker to disclose sensitive information; data modification or unauthorized administrat...

7.5CVSS7.1AI score0.24257EPSS
CVE
CVE
added 2024/06/13 7:53 a.m.109 views

CVE-2024-36236

CVE-2024-36236 affects Adobe Experience Manager 6.5.20 and earlier with a DOM-based XSS that can allow arbitrary JavaScript in a victim’s browser, typically requiring user interaction. Adobe has released updates (APSB24-28) to fix these issues; customers should upgrade to 6.5.21+ or apply the ava...

5.4CVSS5.5AI score0.00359EPSS
CVE
CVE
added 2019/10/24 5:24 p.m.107 views

CVE-2019-8080

CVE-2019-8080 affects Adobe Experience Manager 6.3 and 6.4 (and related 6.5 lines) with a stored cross-site scripting vulnerability that, when exploited, can lead to privilege escalation. The public description states the issue is a stored XSS in AEM, enabling elevation of privileges under certai...

6.1CVSS5.8AI score0.01775EPSS
CVE
CVE
added 2016/12/15 6:31 a.m.106 views

CVE-2016-6933

CVE-2016-6933 affects Adobe Experience Manager Forms (Versions 6.2 and earlier) and LiveCycle (11.0.1, 10.0.4) with an input validation issue in the AACComponent that could be exploited for cross-site scripting. Connected advisories (e.g., APSB16-40) indicate Adobe released security updates addre...

6.1CVSS5.9AI score0.02004EPSS
CVE
CVE
added 2019/10/24 5:22 p.m.104 views

CVE-2019-8079

CVE-2019-8079 affects Adobe Experience Manager (AEM) 6.x — specifically versions 6.4, 6.3, 6.2, 6.1 and 6.0 — with a stored cross-site scripting vulnerability. The issue could allow an attacker to disclose sensitive information upon successful exploitation. Technical detail across connected docum...

6.1CVSS5.4AI score0.01498EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.104 views

CVE-2024-26028

Adobe Experience Manager (AEM) versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2024-26028). The issue occurs in vulnerable form fields where malicious JavaScript can be stored and executed when a user visits the page containing the field. CVE det...

5.4CVSS5.3AI score0.00427EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.104 views

CVE-2024-26042

CVE-2024-26042 affects Adobe Experience Manager (AEM) versions

5.4CVSS5.6AI score0.0054EPSS
CVE
CVE
added 2019/10/24 5:9 p.m.102 views

CVE-2019-8078

CVE-2019-8078 affects Adobe Experience Manager 6.x specifically 6.2, 6.3 and 6.4. The vulnerability is a reflected cross-site scripting issue that could lead to sensitive information disclosure. Remediation per public advisories is to apply the APSB19-48 updates, upgrading to affected fixed versi...

6.1CVSS5.4AI score0.01609EPSS
CVE
CVE
added 2022/12/21 1:21 a.m.101 views

CVE-2022-44474

CVE-2022-44474 is an Adobe Experience Manager (AEM) reflected XSS affecting version 6.5.14 and earlier. The vulnerability allows a low-privileged attacker to entice a user to visit a crafted URL, causing malicious JavaScript to run in the victim’s browser. The primary exploitation detail is a ref...

5.4CVSS5AI score0.0048EPSS
CVE
CVE
added 2023/09/13 1:1 p.m.101 views

CVE-2023-38215

CVE-2023-38215 affects Adobe Experience Manager (AEM) versions 6.5.17 and earlier. It is a reflected XSS vulnerability: a low-privilege attacker lures a victim to a crafted URL, causing malicious JavaScript to execute in the user’s browser. CVSS v3.1 base score 5.4 (Medium): AV:N/AC:L/PR:L/UI:R/S...

5.4CVSS5.1AI score0.00363EPSS
CVE
CVE
added 2019/07/18 9:49 p.m.100 views

CVE-2019-7953

Adobe Experience Manager 6.4 and earlier versions are affected by a Cross-Site Request Forgery vulnerability that could allow sensitive information disclosure in the context of the current user. Publicly documented details come from multiple sources (NVD, Red Hat, CVE lists, and Adobe APSB19-38) ...

6.5CVSS6.2AI score0.02669EPSS
CVE
CVE
added 2023/03/22 12:0 a.m.100 views

CVE-2023-21615

Summary of CVE-2023-21615 : Adobe Experience Manager (AEM) 6.5.x up to 6.5.15.0 is affected by a reflected XSS vulnerability. An attacker with low privileges can lure a user to a crafted URL referencing a vulnerable page, causing JavaScript execution in the victim’s browser. The CVSS 3.1 score is...

5.4CVSS5AI score0.0048EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.100 views

CVE-2023-29304

Summary: CVE-2023-29304 affects Adobe Experience Manager (AEM) 6.5.16.0 and earlier and is a reflected Cross-Site Scripting (XSS) vulnerability. The attack requires a low-privileged user to lure a victim to a crafted URL referencing a vulnerable page, enabling execution of malicious JavaScript in...

5.4CVSS5AI score0.0046EPSS
CVE
CVE
added 2024/04/04 8:59 a.m.99 views

CVE-2024-20800

CVE-2024-20800 affects Adobe Experience Manager versions 6.5.19 and earlier. The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable web pages, potentially leading to arbitrary code executio...

5.4CVSS6.2AI score0.00459EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.99 views

CVE-2024-26032

Adobe Experience Manager (AEM)

5.4CVSS6.2AI score0.0054EPSS
CVE
CVE
added 2019/07/18 9:49 p.m.98 views

CVE-2019-7954

CVE-2019-7954 describes a stored cross-site scripting vulnerability in Adobe Experience Manager versions 6.4 and earlier. The issue allows an attacker to disclose sensitive information in the context of the current user, as noted in multiple sources (NVD/Red Hat entries). Exploitation could occur...

6.1CVSS5.8AI score0.01687EPSS
CVE
CVE
added 2023/03/22 12:0 a.m.91 views

CVE-2023-22254

CVE-2023-22254 affects Adobe Experience Manager (AEM) Experience Manager 6.5.15.0 and earlier with a reflected XSS in which a low-privileged attacker entices a victim to visit a crafted URL referencing a vulnerable page, causing malicious JavaScript to run in the victim’s browser. The vulnerabili...

5.4CVSS5AI score0.0048EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.91 views

CVE-2024-26043

CVE-2024-26043 concerns a stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager (AEM) versions 6.5.19 and earlier. The issue allows an attacker to inject malicious scripts into vulnerable form fields, with JavaScript executed in a victim’s browser upon visiting the affected ...

5.4CVSS5.3AI score0.00427EPSS
CVE
CVE
added 2024/06/13 7:53 a.m.91 views

CVE-2024-36217

CVE-2024-36217 affects Adobe Experience Manager (AEM) 6.5.20 and earlier. The vulnerability is a stored XSS in vulnerable form fields, allowing malicious JavaScript to run in a victim’s browser when loading the page containing the field. The CVE entry notes a MEDIUM base score (CVSS 3.1: 5.4) wit...

5.4CVSS5.3AI score0.00313EPSS
CVE
CVE
added 2020/12/10 5:32 a.m.90 views

CVE-2020-24445

CVE-2020-24445 affects Adobe Experience Manager (AEM) Cloud Service and on-prem versions up to 6.5.6.0, with a stored XSS in vulnerable form fields. Root cause: insufficient input handling that allows arbitrary JavaScript execution in the victim’s browser. Impact per sources: high confidentiality...

9CVSS8AI score0.02535EPSS
CVE
CVE
added 2023/03/22 12:0 a.m.90 views

CVE-2023-22260

CVE-2023-22260 affects Adobe Experience Manager 6.5.15.0 and earlier. It is a URL Redirection to Untrusted Site (Open Redirect) vulnerability that could be exploited by a low-privilege authenticated user to redirect victims to malicious sites, requiring user interaction. Remediation references up...

5.4CVSS5.1AI score0.00478EPSS
CVE
CVE
added 2023/09/13 1:1 p.m.90 views

CVE-2023-38214

CVE-2023-38214 affects Adobe Experience Manager (AEM) 6.5.17 and earlier with a reflected XSS vulnerability. Scenario: a low-privileged attacker lures a user to a crafted URL referencing a vulnerable page, causing arbitrary JavaScript to execute in the victim’s browser. Exploitation requires user...

5.4CVSS5.1AI score0.00363EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.90 views

CVE-2024-26034

Affected product: Adobe Experience Manager (AEM) 6.5.19 and earlier. Vulnerability type: stored Cross-Site Scripting (XSS) in vulnerable form fields. Root cause/impact: malicious JavaScript could be injected and executed in a victim’s browser when viewing pages containing the vulnerable field. Ex...

5.4CVSS5.3AI score0.00427EPSS
CVE
CVE
added 2022/09/16 5:45 p.m.89 views

CVE-2022-30683

CVE-2022-30683 affects Adobe Experience Manager 6.5.13.0 and earlier. It is a Violation of Secure Design Principles that could bypass the backend encryption feature and allow decryption of secrets. Exploitation requires low privileges and the attacker to already possess those secrets; the attack ...

5.3CVSS5.1AI score0.00612EPSS
CVE
CVE
added 2022/12/21 1:21 a.m.89 views

CVE-2022-44463

CVE-2022-44463 affects Adobe Experience Manager (AEM) 6.5.14 and earlier. A reflected Cross-Site Scripting (XSS) vulnerability can execute malicious JavaScript in the victim’s browser if a user is lured to a vulnerable page URL. The CVE description specifies low-privileged, network-access conditi...

5.4CVSS5AI score0.0048EPSS
CVE
CVE
added 2019/10/25 3:20 p.m.88 views

CVE-2019-8087

CVE-2019-8087 affects Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2. The issue is an XML External Entity (XXE) injection that could lead to sensitive information disclosure. Root cause is XXE in AEM’s handling of XML external entities. Public details confirm the vulnerability exists and...

7.5CVSS7.1AI score0.03648EPSS
CVE
CVE
added 2022/09/23 6:15 p.m.88 views

CVE-2022-38439

Adobe Experience Manager (AEM) versions 6.5.13.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Exploitation requires low-privilege access and user interaction (victim must visit a crafted URL), potentially allowing execution of malicious JavaScript in the victi...

5.4CVSS5.3AI score0.00515EPSS
CVE
CVE
added 2023/03/22 12:0 a.m.88 views

CVE-2023-22271

Adobe Experience Manager (AEM) 6.5.x

5.3CVSS5.4AI score0.00818EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.88 views

CVE-2024-26069

Adobe Experience Manager (AEM) versions 6.5.19 and earlier are affected by a stored XSS vulnerability in vulnerable form fields that can inject malicious JavaScript executed in a victim’s browser. Contributing details from connected sources confirm the issue is a stored XSS (CWE-79) and that expl...

5.4CVSS5AI score0.00427EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.87 views

CVE-2024-26056

Adobe Experience Manager (AEM)

5.4CVSS5.3AI score0.00427EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.87 views

CVE-2024-26064

Adobe Experience Manager is affected in versions 6.5.19 and earlier by a DOM‑based XSS vulnerability (CVE-2024-26064). The issue allows an attacker to inject malicious scripts that execute in the victim’s browser when they visit a page containing the vulnerable script, potentially leading to arbi...

5.4CVSS6.2AI score0.0054EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.87 views

CVE-2024-26103

Adobe Experience Manager (AEM) 6.5.19 and earlier is affected by a reflected Cross‑Site Scripting (XSS) vulnerability (CVE-2024-26103) that can execute malicious JavaScript in a victim’s browser when a user visits a crafted URL referencing a vulnerable page. The CVSS 3.1 base score is 5.4 (Medium...

5.4CVSS5.6AI score0.00427EPSS
CVE
CVE
added 2019/10/25 3:15 p.m.86 views

CVE-2019-8085

Adobe Experience Manager (AEM) 6.x — specifically versions 6.5, 6.4, 6.3 and 6.2 — is affected by a reflected cross-site scripting vulnerability (CVE-2019-8085). Exploitation could lead to sensitive information disclosure. The advisory APSB19-48 and the Nessus plugin indicate patches: 6.3.3.6, 6....

6.1CVSS5.4AI score0.01498EPSS
CVE
CVE
added 2022/09/16 5:45 p.m.86 views

CVE-2022-30681

CVE-2022-30681 affects Adobe Experience Manager (AEM) 6.5.13.0 and earlier, with a reflected Cross-Site Scripting (XSS) vulnerability. The issue allows an attacker to cause malicious JavaScript to run in a victim’s browser when the user visits a crafted URL referencing a vulnerable page. Exploita...

5.4CVSS5AI score0.00533EPSS
CVE
CVE
added 2022/12/19 10:0 a.m.86 views

CVE-2022-35696

Adobe Experience Manager (AEM) 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. The issue arises from inadequate protection of the web page structure, enabling a remote attacker to lure a victim to a crafted URL and cause JavaScript to run in the user’s brow...

5.4CVSS5AI score0.00708EPSS
CVE
CVE
added 2023/03/22 12:0 a.m.86 views

CVE-2023-22252

CVE-2023-22252 affects Adobe Experience Manager (AEM) Experience Manager 6.5.15.0 and earlier, with a reflected XSS flaw that can execute malicious JavaScript in a victim’s browser when a user is lured to a vulnerable URL. CVSS‑3.1 base score 5.4 (MEDIUM): confidentiality and integrity impact LOW...

5.4CVSS5AI score0.0048EPSS
CVE
CVE
added 2023/03/22 12:0 a.m.86 views

CVE-2023-22264

Adobe Experience Manager (AEM) 6.5.15.0 and earlier is affected by a URL redirection to untrusted site vulnerability (CVE-2023-22264). The issue allows a low‑privilege authenticated attacker to induce redirection to a malicious site, requiring user interaction. Mitigation in the public advisory A...

5.4CVSS5.1AI score0.00478EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.86 views

CVE-2024-26044

CVE-2024-26044 affects Adobe Experience Manager (AEM) 6.5.19 and earlier with a DOM-based XSS vulnerability in the web page handling that could cause malicious JavaScript to execute in a victim’s browser, potentially enabling arbitrary code execution in the browser context. The issue is documente...

5.4CVSS6.2AI score0.0054EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.86 views

CVE-2024-26052

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. An attacker could inject malicious JavaScript that executes in a victim’s browser when loading the page containing the field. The CVE-2024-26052 entry ...

5.4CVSS5.3AI score0.00427EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.86 views

CVE-2024-26062

Adobe Experience Manager (AEM) up to version 6.5.19 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing injected JavaScript to execute in a victim’s browser when visiting pages containing those fields. The root cause involves improper h...

5.4CVSS5AI score0.00427EPSS
CVE
CVE
added 2024/03/18 5:54 p.m.86 views

CVE-2024-26065

Adobe Experience Manager (AEM) 6.5.19 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, enabling injected JavaScript to run in a user’s browser when visiting the page with the field. Connected sources confirm the issue affects AEM versions up ...

5.4CVSS5.3AI score0.00427EPSS
CVE
CVE
added 2022/01/13 8:27 p.m.85 views

CVE-2021-40722

Adobe Experience Manager (AEM) – CVE-2021-40722 affects AEM Forms Cloud Service and on-prem 6.5.10.0 and earlier via an XML External Entity (XXE) injection that can lead to RCE. The connected advisories list this CVE as part of APSB21-103 and note remediation by upgrading to 6.5.11.0 or applying ...

9.8CVSS9.5AI score0.03273EPSS
CVE
CVE
added 2022/12/21 1:21 a.m.84 views

CVE-2022-42362

CVE-2022-42362 concerns Adobe Experience Manager (AEM) 6.5.14 and earlier, with a reflected Cross-Site Scripting (XSS) vulnerability. An attacker who lure a user to a crafted URL can cause malicious JavaScript to run in the victim’s browser context. The available connected documents confirm the a...

5.4CVSS5AI score0.0048EPSS
CVE
CVE
added 2022/12/19 10:0 a.m.84 views

CVE-2022-42366

Adobe Experience Manager (AEM)

5.4CVSS5AI score0.00708EPSS
Total number of security vulnerabilities1148