183 matches found
CVE-2022-44474
CVE-2022-44474 is an Adobe Experience Manager (AEM) reflected XSS affecting version 6.5.14 and earlier. The vulnerability allows a low-privileged attacker to entice a user to visit a crafted URL, causing malicious JavaScript to run in the victim’s browser. The primary exploitation detail is a ref...
CVE-2023-38215
CVE-2023-38215 affects Adobe Experience Manager (AEM) versions 6.5.17 and earlier. It is a reflected XSS vulnerability: a low-privilege attacker lures a victim to a crafted URL, causing malicious JavaScript to execute in the user’s browser. CVSS v3.1 base score 5.4 (Medium): AV:N/AC:L/PR:L/UI:R/S...
CVE-2023-21615
Summary of CVE-2023-21615 : Adobe Experience Manager (AEM) 6.5.x up to 6.5.15.0 is affected by a reflected XSS vulnerability. An attacker with low privileges can lure a user to a crafted URL referencing a vulnerable page, causing JavaScript execution in the victim’s browser. The CVSS 3.1 score is...
CVE-2023-29304
Summary: CVE-2023-29304 affects Adobe Experience Manager (AEM) 6.5.16.0 and earlier and is a reflected Cross-Site Scripting (XSS) vulnerability. The attack requires a low-privileged user to lure a victim to a crafted URL referencing a vulnerable page, enabling execution of malicious JavaScript in...
CVE-2023-22254
CVE-2023-22254 affects Adobe Experience Manager (AEM) Experience Manager 6.5.15.0 and earlier with a reflected XSS in which a low-privileged attacker entices a victim to visit a crafted URL referencing a vulnerable page, causing malicious JavaScript to run in the victim’s browser. The vulnerabili...
CVE-2023-22260
CVE-2023-22260 affects Adobe Experience Manager 6.5.15.0 and earlier. It is a URL Redirection to Untrusted Site (Open Redirect) vulnerability that could be exploited by a low-privilege authenticated user to redirect victims to malicious sites, requiring user interaction. Remediation references up...
CVE-2020-24445
CVE-2020-24445 affects Adobe Experience Manager (AEM) Cloud Service and on-prem versions up to 6.5.6.0, with a stored XSS in vulnerable form fields. Root cause: insufficient input handling that allows arbitrary JavaScript execution in the victim’s browser. Impact per sources: high confidentiality...
CVE-2022-38439
Adobe Experience Manager (AEM) versions 6.5.13.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Exploitation requires low-privilege access and user interaction (victim must visit a crafted URL), potentially allowing execution of malicious JavaScript in the victi...
CVE-2022-44463
CVE-2022-44463 affects Adobe Experience Manager (AEM) 6.5.14 and earlier. A reflected Cross-Site Scripting (XSS) vulnerability can execute malicious JavaScript in the victim’s browser if a user is lured to a vulnerable page URL. The CVE description specifies low-privileged, network-access conditi...
CVE-2022-35696
Adobe Experience Manager (AEM) 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. The issue arises from inadequate protection of the web page structure, enabling a remote attacker to lure a victim to a crafted URL and cause JavaScript to run in the user’s brow...
CVE-2023-22271
Adobe Experience Manager (AEM) 6.5.x
CVE-2023-22252
CVE-2023-22252 affects Adobe Experience Manager (AEM) Experience Manager 6.5.15.0 and earlier, with a reflected XSS flaw that can execute malicious JavaScript in a victim’s browser when a user is lured to a vulnerable URL. CVSS‑3.1 base score 5.4 (MEDIUM): confidentiality and integrity impact LOW...
CVE-2021-40722
Adobe Experience Manager (AEM) – CVE-2021-40722 affects AEM Forms Cloud Service and on-prem 6.5.10.0 and earlier via an XML External Entity (XXE) injection that can lead to RCE. The connected advisories list this CVE as part of APSB21-103 and note remediation by upgrading to 6.5.11.0 or applying ...
CVE-2023-22264
Adobe Experience Manager (AEM) 6.5.15.0 and earlier is affected by a URL redirection to untrusted site vulnerability (CVE-2023-22264). The issue allows a low‑privilege authenticated attacker to induce redirection to a malicious site, requiring user interaction. Mitigation in the public advisory A...
CVE-2022-42362
CVE-2022-42362 concerns Adobe Experience Manager (AEM) 6.5.14 and earlier, with a reflected Cross-Site Scripting (XSS) vulnerability. An attacker who lure a user to a crafted URL can cause malicious JavaScript to run in the victim’s browser context. The available connected documents confirm the a...
CVE-2022-42366
Adobe Experience Manager (AEM)
CVE-2022-44467
Adobe Experience Manager 6.5.14 and earlier are affected by a reflected XSS vulnerability (CVE-2022-44467). The issue allows a low-privilege attacker to entice a user to visit a crafted URL, causing arbitrary JavaScript execution in the user’s browser. Affected component: AEM web UI/pages referen...
CVE-2022-42357
Adobe Experience Manager (AEM) versions 6.5.14 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability triggered when a victim is enticed to visit a crafted URL, allowing malicious JavaScript to run in the victim’s browser. The vulnerability is described across multiple s...
CVE-2022-44462
CVE-2022-44462 affects Adobe Experience Manager (AEM) 6.5.14 and earlier, with a reflected XSS vulnerability that a low-privileged attacker can trigger by convincing a victim to visit a crafted URL, enabling execution of malicious JavaScript in the victim’s browser. The issue is documented across...
CVE-2022-44473
CVE-2022-44473 affects Adobe Experience Manager (AEM) versions 6.5.14 and earlier. A reflected XSS vulnerability allows a low-privileged attacker to lure a victim to a crafted URL, causing arbitrary JavaScript to execute in the victim’s browser. Root cause is described as insufficient protection ...
CVE-2023-22257
Adobe Experience Manager (AEM) 6.5.15.0 and earlier is affected by a URL redirect to an untrusted site (Open Redirect). The issue enables a low-privilege authenticated attacker to redirect users to a malicious site and requires user interaction. Remediation per APSB23-18 is to apply the security ...
CVE-2022-38438
CVE-2022-38438 affects Adobe Experience Manager versions 6.5.13.0 and earlier with a reflected Cross-Site Scripting (XSS) vulnerability. The issue can be triggered when a victim is convinced to visit a vulnerable URL, allowing malicious JavaScript to execute in the browser context. Exploitation r...
CVE-2023-29322
Adobe Experience Manager versions 6.5.16.0 and earlier are affected by a reflected XSS vulnerability (CVE-2023-29322). A low-privileged attacker can lure a victim to a crafted URL that executes malicious JavaScript in the victim’s browser. Remediation: update to AEM 6.5.17.0 or apply vendor-suppl...
CVE-2022-30679
Adobe Experience Manager (AEM) 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability (CVE-2022-30679). A low-privileged attacker can entice a victim to visit a crafted URL, enabling malicious JavaScript to run in the victim’s browser. CVSS metrics indicate Network...
CVE-2022-35693
CVE-2022-35693 concerns Adobe Experience Manager (AEM) up to version 6.5.14 and earlier, with a reflected XSS vulnerability. The issue arises from how vulnerable pages reference user-controlled data, allowing a low-privileged attacker to lure a victim to a crafted URL and cause arbitrary JavaScri...
CVE-2022-44468
Affected software: Adobe Experience Manager (AEM) 6.5.14 and earlier. Vulnerability: Reflected Cross-Site Scripting (XSS) that can execute malicious JavaScript in the victim’s browser when a user visits a crafted URL referencing a vulnerable page. Root cause/impact: XSS in AEM pages; enables scri...
CVE-2022-42345
Adobe Experience Manager (AEM) 6.5.14 and earlier are affected by a reflected XSS vulnerability (CVE-2022-42345) where a low-privilege attacker must induce a victim to visit a vulnerable URL; malicious JavaScript can execute in the victim’s browser. Impact aligns with MEDIUM severity (CVSS 3.1: A...
CVE-2022-44469
CVE-2022-44469 affects Adobe Experience Manager 6.5.14 and earlier. A reflected XSS flaw could allow a low-privileged attacker to lure a user to a crafted URL, causing malicious JavaScript to run in the victim’s browser. Impact: potential script execution within the user context; exploitation req...
CVE-2023-22261
Adobe Experience Manager (AEM) 6.5.15.0 and earlier is affected by a URL redirection to an untrusted site vulnerability (Open Redirect). A low-privilege authenticated user can trigger redirects to malicious sites, with exploitation requiring user interaction. Remediation: update to 6.5.16.0 or la...
CVE-2022-42367
Adobe Experience Manager (AEM) versions 6.5.14 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability (CVE-2022-42367). The issue can be exploited when a low-privilege attacker entices a victim to visit a crafted URL referencing a vulnerable page, potentially executing m...
CVE-2022-44465
Adobe Experience Manager (AEM) up to v6.5.14 and earlier is affected by a reflected XSS vulnerability. A low-privileged attacker can entice a victim to visit a crafted URL referencing a vulnerable page, allowing malicious JavaScript to run in the victim’s browser. The issue stems from insufficien...
CVE-2023-29307
Adobe Experience Manager (AEM) 6.5.16.0 and earlier is affected by a URL Redirection to Untrusted Site vulnerability. An authenticated, low-privilege user could trigger a redirect to a malicious site, with exploitation requiring user interaction. The issue is documented under CVE-2023-29307 and i...
CVE-2022-35694
Adobe Experience Manager (AEM) 6.5.14 and earlier is affected by a reflected XSS that allows an attacker with low privileges, by enticing a victim to visit a crafted URL, to execute malicious JavaScript in the victim’s browser. The issue is described across multiple sources as a reflected Cross‑S...
CVE-2022-42346
CVE-2022-42346 affects Adobe Experience Manager 6.5.14 and earlier with a reflected XSS vulnerability. A low-privileged attacker can lure a victim to a crafted URL, causing malicious JavaScript to run in the browser. Root cause: insufficient input handling leading to reflected XSS. Impact: browse...
CVE-2022-42350
Adobe Experience Manager (AEM) 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can lure a victim to a crafted URL referencing a vulnerable page, causing malicious JavaScript to run in the victim’s browser. Affected component: AEM w...
CVE-2022-42348
CVE-2022-42348 affects Adobe Experience Manager (AEM) 6.5.14 and earlier, through a reflected Cross-Site Scripting (XSS) flaw that can execute malicious JavaScript in a victim’s browser when a crafted URL is visited. The issue is demonstrated in AEM’s handling of vulnerable pages, with exploitati...
CVE-2023-22269
CVE-2023-22269 affects Adobe Experience Manager (AEM) 6.5.x, specifically 6.5.15.0 and earlier. The vulnerability is a reflected XSS in which an attacker lures a victim to a crafted URL referencing a vulnerable page, causing malicious JavaScript to execute in the victim’s browser. Exploitation is...
CVE-2022-42352
CVE-2022-42352 — Adobe Experience Manager (AEM) : The issue is a reflected Cross-Site Scripting (XSS) vulnerability in AEM versions 6.5.14 and earlier. A low-privileged attacker can lure a victim to a URL referencing a vulnerable page, causing malicious JavaScript to execute in the victim’s brows...
CVE-2022-42360
Adobe Experience Manager 6.5.14 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can lure a victim to a URL referencing a vulnerable page, allowing malicious JavaScript to run in the victim’s browser. The issue is documented in CVE-...
CVE-2022-42364
CVE-2022-42364 (Adobe Experience Manager) is a reflected Cross-Site Scripting vulnerability affecting AEM 6.5.14 and earlier. The issue arises in how vulnerable pages process input, allowing a low-privilege attacker to lure a user to a crafted URL and execute malicious JavaScript in the victim’s ...
CVE-2023-22263
Adobe Experience Manager (AEM) 6.5.15.0 and earlier is affected by a URL redirection to an untrusted site (Open Redirect). The vulnerability enables a low-privilege authenticated attacker to induce users to be redirected to malicious websites, with exploitation requiring user interaction. AEM ver...
CVE-2022-42351
Adobe Experience Manager (AEM) versions 6.5.14 and earlier are affected by CVE-2022-42351, an Incorrect Authorization vulnerability that allows a low-privileged attacker to disclose low-level confidential information and bypass certain security features without user interaction. Affected componen...
CVE-2022-44488
Adobe Experience Manager (AEM) versions 6.5.14 and earlier are affected by CVE-2022-44488, an Open Redirect vulnerability where a low-privilege authenticated attacker can cause users to be redirected to a malicious site. Exploitation requires user interaction. Mitigation: upgrade to a fixed versi...
CVE-2022-35695
CVE-2022-35695 affects Adobe Experience Manager (AEM) versions 6.5.14 and earlier, with a reflected XSS vulnerability that can cause malicious JavaScript to execute in a victim’s browser when a user is lured to a crafted URL. Exploitation requires user interaction and low privileges. Affected com...
CVE-2022-42349
Summary: CVE-2022-42349 affects Adobe Experience Manager (AEM) 6.5.14 and earlier. The issue is a reflected Cross‑Site Scripting (XSS) vulnerability that can execute malicious JavaScript in a victim’s browser if the user visits a crafted URL referencing a vulnerable page. Impact details : attacke...
CVE-2022-44470
CVE-2022-44470 affects Adobe Experience Manager (AEM) 6.5.14 and earlier. It is a reflected Cross-Site Scripting (XSS) vulnerability: if a low-privileged user is induced to visit a URL referencing a vulnerable page, a victim’s browser may execute malicious JavaScript. The issue is explicitly desc...
CVE-2022-44471
Adobe Experience Manager 6.5.14 and earlier are affected by CVE-2022-44471: a reflected XSS that allows a low-privileged attacker to lure a victim to a vulnerable URL and have malicious JavaScript run in the victim’s browser. The records note available security updates for AEM (APSB22-59) to addr...
CVE-2022-42356
Adobe Experience Manager (AEM) 6.5.14 and earlier is affected by a reflected cross-site scripting (XSS) vulnerability. A low-privilege attacker can lure a victim to a vulnerable URL, causing malicious JavaScript to execute in the victim’s browser. The CVSS v3.1 base score is 5.4 (Medium). Remedia...
CVE-2022-42365
CVE-2022-42365 – AEM reflected XSS : Adobe Experience Manager 6.5.14 and earlier is vulnerable to a reflected Cross-Site Scripting attack. A low-privilege attacker can trick a user into visiting a URL referencing a vulnerable page, causing malicious JavaScript to execute in the user’s browser con...
CVE-2022-42354
CVE-2022-42354 describes a reflected XSS in Adobe Experience Manager (AEM) 6.5.14 and earlier: a low-privileged attacker can convince a victim to visit a crafted URL, causing arbitrary JavaScript to run in the victim’s browser. Connected sources confirm this is an AEM page-context XSS vulnerabili...