1148 matches found
CVE-2019-7964
CVE-2019-7964 affects Adobe Experience Manager (AEM) versions 6.4 and 6.5 . The connected documents describe a vulnerability in the Security Assertion Markup Language (SAML) handler that constitutes an authentication bypass , which could permit an attacker to gain unauthorized access to the AEM e...
CVE-2019-16469
Adobe Experience Manager (AEM) is affected by an expression language injection vulnerability (CVE-2019-16469) across AEM 6.0–6.5. The Nuclei template corroborates the affected versions and states successful exploitation could lead to sensitive information disclosure. Root cause: expression langua...
CVE-2016-0956
CVE-2016-0956 affects the Apache Sling Servlets Post component (version 2.3.6) used by Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0. The issue is an information-disclosure vulnerability in Sling Post 2.3.6 allowing remote attackers to obtain sensitive information via unspecified vectors. APSB...
CVE-2016-0957
Adobe Experience Manager Dispatcher vulnerability CVE-2016-0957 affects Dispatcher before 4.1.5 used with AEM 5.6.1, 6.0.0, and 6.1.0. The flaw is a URL filter bypass that allows remote attackers to bypass Dispatcher rules via unspecified vectors, potentially bypassing security controls. Mitigati...
CVE-2019-7955
CVE-2019-7955 is a reflected cross-site scripting vulnerability affecting Adobe Experience Manager 6.4 and earlier. The Red Hat and NVD entries corroborate that exploitation can lead to sensitive information disclosure in the context of the current user. Exploitation is network-based with user in...
CVE-2022-28851
CVE-2022-28851 affects Adobe Experience Manager 6.5.13.0 and earlier with a reflected XSS vulnerability. Exploit requires low privileges and user interaction; malicious script runs in the victim’s browser via a crafted URL. Connected sources confirm related Adobe APSB updates for AEM (APSB22-59) ...
CVE-2019-8086
Adobe Experience Manager is affected by an XML External Entity (XXE) injection (CVE-2019-8086) in AEM 6.2–6.5. The vulnerability stems from improper handling of XML external entities, potentially enabling an attacker to disclose sensitive information; data modification or unauthorized administrat...
CVE-2024-36236
CVE-2024-36236 affects Adobe Experience Manager 6.5.20 and earlier with a DOM-based XSS that can allow arbitrary JavaScript in a victim’s browser, typically requiring user interaction. Adobe has released updates (APSB24-28) to fix these issues; customers should upgrade to 6.5.21+ or apply the ava...
CVE-2019-8080
CVE-2019-8080 affects Adobe Experience Manager 6.3 and 6.4 (and related 6.5 lines) with a stored cross-site scripting vulnerability that, when exploited, can lead to privilege escalation. The public description states the issue is a stored XSS in AEM, enabling elevation of privileges under certai...
CVE-2016-6933
CVE-2016-6933 affects Adobe Experience Manager Forms (Versions 6.2 and earlier) and LiveCycle (11.0.1, 10.0.4) with an input validation issue in the AACComponent that could be exploited for cross-site scripting. Connected advisories (e.g., APSB16-40) indicate Adobe released security updates addre...
CVE-2019-8079
CVE-2019-8079 affects Adobe Experience Manager (AEM) 6.x — specifically versions 6.4, 6.3, 6.2, 6.1 and 6.0 — with a stored cross-site scripting vulnerability. The issue could allow an attacker to disclose sensitive information upon successful exploitation. Technical detail across connected docum...
CVE-2024-26028
Adobe Experience Manager (AEM) versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2024-26028). The issue occurs in vulnerable form fields where malicious JavaScript can be stored and executed when a user visits the page containing the field. CVE det...
CVE-2024-26042
CVE-2024-26042 affects Adobe Experience Manager (AEM) versions
CVE-2019-8078
CVE-2019-8078 affects Adobe Experience Manager 6.x specifically 6.2, 6.3 and 6.4. The vulnerability is a reflected cross-site scripting issue that could lead to sensitive information disclosure. Remediation per public advisories is to apply the APSB19-48 updates, upgrading to affected fixed versi...
CVE-2022-44474
CVE-2022-44474 is an Adobe Experience Manager (AEM) reflected XSS affecting version 6.5.14 and earlier. The vulnerability allows a low-privileged attacker to entice a user to visit a crafted URL, causing malicious JavaScript to run in the victim’s browser. The primary exploitation detail is a ref...
CVE-2023-38215
CVE-2023-38215 affects Adobe Experience Manager (AEM) versions 6.5.17 and earlier. It is a reflected XSS vulnerability: a low-privilege attacker lures a victim to a crafted URL, causing malicious JavaScript to execute in the user’s browser. CVSS v3.1 base score 5.4 (Medium): AV:N/AC:L/PR:L/UI:R/S...
CVE-2019-7953
Adobe Experience Manager 6.4 and earlier versions are affected by a Cross-Site Request Forgery vulnerability that could allow sensitive information disclosure in the context of the current user. Publicly documented details come from multiple sources (NVD, Red Hat, CVE lists, and Adobe APSB19-38) ...
CVE-2023-21615
Summary of CVE-2023-21615 : Adobe Experience Manager (AEM) 6.5.x up to 6.5.15.0 is affected by a reflected XSS vulnerability. An attacker with low privileges can lure a user to a crafted URL referencing a vulnerable page, causing JavaScript execution in the victim’s browser. The CVSS 3.1 score is...
CVE-2023-29304
Summary: CVE-2023-29304 affects Adobe Experience Manager (AEM) 6.5.16.0 and earlier and is a reflected Cross-Site Scripting (XSS) vulnerability. The attack requires a low-privileged user to lure a victim to a crafted URL referencing a vulnerable page, enabling execution of malicious JavaScript in...
CVE-2024-20800
CVE-2024-20800 affects Adobe Experience Manager versions 6.5.19 and earlier. The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable web pages, potentially leading to arbitrary code executio...
CVE-2019-7954
CVE-2019-7954 describes a stored cross-site scripting vulnerability in Adobe Experience Manager versions 6.4 and earlier. The issue allows an attacker to disclose sensitive information in the context of the current user, as noted in multiple sources (NVD/Red Hat entries). Exploitation could occur...
CVE-2024-26032
Adobe Experience Manager (AEM)
CVE-2023-22254
CVE-2023-22254 affects Adobe Experience Manager (AEM) Experience Manager 6.5.15.0 and earlier with a reflected XSS in which a low-privileged attacker entices a victim to visit a crafted URL referencing a vulnerable page, causing malicious JavaScript to run in the victim’s browser. The vulnerabili...
CVE-2024-26043
CVE-2024-26043 concerns a stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager (AEM) versions 6.5.19 and earlier. The issue allows an attacker to inject malicious scripts into vulnerable form fields, with JavaScript executed in a victim’s browser upon visiting the affected ...
CVE-2024-36217
CVE-2024-36217 affects Adobe Experience Manager (AEM) 6.5.20 and earlier. The vulnerability is a stored XSS in vulnerable form fields, allowing malicious JavaScript to run in a victim’s browser when loading the page containing the field. The CVE entry notes a MEDIUM base score (CVSS 3.1: 5.4) wit...
CVE-2020-24445
CVE-2020-24445 affects Adobe Experience Manager (AEM) Cloud Service and on-prem versions up to 6.5.6.0, with a stored XSS in vulnerable form fields. Root cause: insufficient input handling that allows arbitrary JavaScript execution in the victim’s browser. Impact per sources: high confidentiality...
CVE-2023-22260
CVE-2023-22260 affects Adobe Experience Manager 6.5.15.0 and earlier. It is a URL Redirection to Untrusted Site (Open Redirect) vulnerability that could be exploited by a low-privilege authenticated user to redirect victims to malicious sites, requiring user interaction. Remediation references up...
CVE-2023-38214
CVE-2023-38214 affects Adobe Experience Manager (AEM) 6.5.17 and earlier with a reflected XSS vulnerability. Scenario: a low-privileged attacker lures a user to a crafted URL referencing a vulnerable page, causing arbitrary JavaScript to execute in the victim’s browser. Exploitation requires user...
CVE-2024-26034
Affected product: Adobe Experience Manager (AEM) 6.5.19 and earlier. Vulnerability type: stored Cross-Site Scripting (XSS) in vulnerable form fields. Root cause/impact: malicious JavaScript could be injected and executed in a victim’s browser when viewing pages containing the vulnerable field. Ex...
CVE-2022-30683
CVE-2022-30683 affects Adobe Experience Manager 6.5.13.0 and earlier. It is a Violation of Secure Design Principles that could bypass the backend encryption feature and allow decryption of secrets. Exploitation requires low privileges and the attacker to already possess those secrets; the attack ...
CVE-2022-44463
CVE-2022-44463 affects Adobe Experience Manager (AEM) 6.5.14 and earlier. A reflected Cross-Site Scripting (XSS) vulnerability can execute malicious JavaScript in the victim’s browser if a user is lured to a vulnerable page URL. The CVE description specifies low-privileged, network-access conditi...
CVE-2019-8087
CVE-2019-8087 affects Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2. The issue is an XML External Entity (XXE) injection that could lead to sensitive information disclosure. Root cause is XXE in AEM’s handling of XML external entities. Public details confirm the vulnerability exists and...
CVE-2022-38439
Adobe Experience Manager (AEM) versions 6.5.13.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Exploitation requires low-privilege access and user interaction (victim must visit a crafted URL), potentially allowing execution of malicious JavaScript in the victi...
CVE-2023-22271
Adobe Experience Manager (AEM) 6.5.x
CVE-2024-26069
Adobe Experience Manager (AEM) versions 6.5.19 and earlier are affected by a stored XSS vulnerability in vulnerable form fields that can inject malicious JavaScript executed in a victim’s browser. Contributing details from connected sources confirm the issue is a stored XSS (CWE-79) and that expl...
CVE-2024-26056
Adobe Experience Manager (AEM)
CVE-2024-26064
Adobe Experience Manager is affected in versions 6.5.19 and earlier by a DOM‑based XSS vulnerability (CVE-2024-26064). The issue allows an attacker to inject malicious scripts that execute in the victim’s browser when they visit a page containing the vulnerable script, potentially leading to arbi...
CVE-2024-26103
Adobe Experience Manager (AEM) 6.5.19 and earlier is affected by a reflected Cross‑Site Scripting (XSS) vulnerability (CVE-2024-26103) that can execute malicious JavaScript in a victim’s browser when a user visits a crafted URL referencing a vulnerable page. The CVSS 3.1 base score is 5.4 (Medium...
CVE-2019-8085
Adobe Experience Manager (AEM) 6.x — specifically versions 6.5, 6.4, 6.3 and 6.2 — is affected by a reflected cross-site scripting vulnerability (CVE-2019-8085). Exploitation could lead to sensitive information disclosure. The advisory APSB19-48 and the Nessus plugin indicate patches: 6.3.3.6, 6....
CVE-2022-30681
CVE-2022-30681 affects Adobe Experience Manager (AEM) 6.5.13.0 and earlier, with a reflected Cross-Site Scripting (XSS) vulnerability. The issue allows an attacker to cause malicious JavaScript to run in a victim’s browser when the user visits a crafted URL referencing a vulnerable page. Exploita...
CVE-2022-35696
Adobe Experience Manager (AEM) 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. The issue arises from inadequate protection of the web page structure, enabling a remote attacker to lure a victim to a crafted URL and cause JavaScript to run in the user’s brow...
CVE-2023-22252
CVE-2023-22252 affects Adobe Experience Manager (AEM) Experience Manager 6.5.15.0 and earlier, with a reflected XSS flaw that can execute malicious JavaScript in a victim’s browser when a user is lured to a vulnerable URL. CVSS‑3.1 base score 5.4 (MEDIUM): confidentiality and integrity impact LOW...
CVE-2023-22264
Adobe Experience Manager (AEM) 6.5.15.0 and earlier is affected by a URL redirection to untrusted site vulnerability (CVE-2023-22264). The issue allows a low‑privilege authenticated attacker to induce redirection to a malicious site, requiring user interaction. Mitigation in the public advisory A...
CVE-2024-26044
CVE-2024-26044 affects Adobe Experience Manager (AEM) 6.5.19 and earlier with a DOM-based XSS vulnerability in the web page handling that could cause malicious JavaScript to execute in a victim’s browser, potentially enabling arbitrary code execution in the browser context. The issue is documente...
CVE-2024-26052
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. An attacker could inject malicious JavaScript that executes in a victim’s browser when loading the page containing the field. The CVE-2024-26052 entry ...
CVE-2024-26062
Adobe Experience Manager (AEM) up to version 6.5.19 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing injected JavaScript to execute in a victim’s browser when visiting pages containing those fields. The root cause involves improper h...
CVE-2024-26065
Adobe Experience Manager (AEM) 6.5.19 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, enabling injected JavaScript to run in a user’s browser when visiting the page with the field. Connected sources confirm the issue affects AEM versions up ...
CVE-2021-40722
Adobe Experience Manager (AEM) – CVE-2021-40722 affects AEM Forms Cloud Service and on-prem 6.5.10.0 and earlier via an XML External Entity (XXE) injection that can lead to RCE. The connected advisories list this CVE as part of APSB21-103 and note remediation by upgrading to 6.5.11.0 or applying ...
CVE-2022-42362
CVE-2022-42362 concerns Adobe Experience Manager (AEM) 6.5.14 and earlier, with a reflected Cross-Site Scripting (XSS) vulnerability. An attacker who lure a user to a crafted URL can cause malicious JavaScript to run in the victim’s browser context. The available connected documents confirm the a...
CVE-2022-42366
Adobe Experience Manager (AEM)