Experience Manager Security Vulnerabilities and Issues — Page 4 of Experience Manager CVE List

Lucene search

AdobeExperience Manager

915 matches found

CVE•added 2022/12/21 1:21 a.m.•56 views

CVE-2022-42364

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the v...

5.4CVSS5AI score0.02063EPSS

CVE•added 2024/04/10 9:15 a.m.•56 views

CVE-2024-26098

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.3AI score0.00583EPSS

CVE•added 2020/09/10 5:15 p.m.•55 views

CVE-2020-9733

An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.

7.5CVSS7.3AI score0.00487EPSS

CVE•added 2021/08/24 6:15 p.m.•55 views

CVE-2021-28625

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser ...

6.3CVSS6AI score0.01187EPSS

CVE•added 2022/01/13 9:15 p.m.•55 views

CVE-2021-43762

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability.

6.5CVSS6.7AI score0.00617EPSS

CVE•added 2022/12/21 1:21 a.m.•55 views

CVE-2022-42356

5.4CVSS5.3AI score0.02063EPSS

CVE•added 2024/04/10 9:15 a.m.•55 views

CVE-2024-26076

5.4CVSS5.3AI score0.00583EPSS

CVE•added 2024/04/10 9:15 a.m.•55 views

CVE-2024-26084

5.4CVSS5.3AI score0.00583EPSS

CVE•added 2024/06/13 8:16 a.m.•55 views

CVE-2024-36234

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...

5.4CVSS5.5AI score0.01072EPSS

CVE•added 2024/12/10 10:15 p.m.•55 views

CVE-2024-52865

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse t...

5.4CVSS4.4AI score0.00038EPSS

CVE•added 2024/12/10 10:15 p.m.•55 views

CVE-2024-53960

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.5AI score0.0008EPSS

CVE•added 2025/03/19 5:15 p.m.•55 views

CVE-2024-53968

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged a...

5.4CVSS5.2AI score0.0022EPSS

CVE•added 2016/02/10 8:59 p.m.•54 views

CVE-2016-0958

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.

7.8CVSS7.5AI score0.00643EPSS

CVE•added 2022/12/21 1:21 a.m.•54 views

CVE-2022-44466

5.4CVSS5AI score0.02063EPSS

CVE•added 2024/06/13 8:15 a.m.•54 views

CVE-2024-26057

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically req...

5.4CVSS5.5AI score0.00549EPSS

CVE•added 2024/06/13 8:16 a.m.•54 views

CVE-2024-36220

5.4CVSS5.5AI score0.02687EPSS

CVE•added 2021/06/28 2:15 p.m.•53 views

CVE-2021-21083

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the ...

7.5CVSS7.4AI score0.00546EPSS

CVE•added 2022/09/16 6:15 p.m.•53 views

CVE-2022-35664

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's bro...

5.4CVSS5AI score0.02306EPSS

CVE•added 2024/04/10 9:15 a.m.•53 views

CVE-2024-20780

5.4CVSS5.3AI score0.00791EPSS

CVE•added 2024/06/13 8:15 a.m.•53 views

CVE-2024-26091

5.4CVSS5.5AI score0.01547EPSS

CVE•added 2024/06/13 8:15 a.m.•53 views

CVE-2024-26110

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.3AI score0.00816EPSS

CVE•added 2022/01/13 9:15 p.m.•52 views

CVE-2021-43761

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...

8CVSS5.6AI score0.03253EPSS

CVE•added 2023/03/22 5:15 p.m.•52 views

CVE-2023-22262

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interact...

5.4CVSS5.1AI score0.00333EPSS

CVE•added 2023/12/15 11:15 a.m.•52 views

CVE-2023-48440

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5AI score0.0018EPSS

CVE•added 2024/06/13 8:15 a.m.•52 views

CVE-2024-26074

5.4CVSS5.3AI score0.00493EPSS

CVE•added 2024/06/13 8:16 a.m.•52 views

CVE-2024-34120

5.4CVSS5.3AI score0.00816EPSS

CVE•added 2024/06/13 8:16 a.m.•52 views

CVE-2024-36239

5.4CVSS5.5AI score0.0145EPSS

CVE•added 2018/05/19 5:29 p.m.•51 views

CVE-2018-4930

Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

6.1CVSS5.7AI score0.0102EPSS

CVE•added 2021/08/24 6:15 p.m.•51 views

CVE-2021-28626

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. E...

7.5CVSS5.7AI score0.00395EPSS

CVE•added 2021/09/27 4:15 p.m.•51 views

CVE-2021-40713

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information...

5.9CVSS5.5AI score0.00242EPSS

CVE•added 2022/09/16 6:15 p.m.•51 views

CVE-2022-30684

5.4CVSS5.3AI score0.02306EPSS

CVE•added 2023/03/22 5:15 p.m.•51 views

CVE-2023-21616

Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the vic...

5.4CVSS5.3AI score0.0145EPSS

CVE•added 2024/06/13 8:15 a.m.•51 views

CVE-2024-26049

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse t...

4.8CVSS4.9AI score0.00889EPSS

CVE•added 2024/06/13 8:15 a.m.•51 views

CVE-2024-26055

5.4CVSS5.5AI score0.01257EPSS

CVE•added 2024/06/13 8:15 a.m.•51 views

CVE-2024-26114

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

5.4CVSS5.4AI score0.00816EPSS

CVE•added 2024/06/13 8:16 a.m.•51 views

CVE-2024-36160

5.4CVSS5.3AI score0.01257EPSS

CVE•added 2024/06/13 8:16 a.m.•51 views

CVE-2024-36209

5.4CVSS5.3AI score0.00974EPSS

CVE•added 2024/06/13 8:16 a.m.•51 views

CVE-2024-36226

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation ...

3.5CVSS4.2AI score0.00326EPSS

CVE•added 2024/06/13 8:16 a.m.•51 views

CVE-2024-36235

5.4CVSS5.6AI score0.03796EPSS

CVE•added 2024/12/10 10:15 p.m.•51 views

CVE-2024-43715

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...

5.4CVSS6.1AI score0.00201EPSS

CVE•added 2024/12/10 10:15 p.m.•51 views

CVE-2024-43729

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a high impact on integrity. Exploitation of t...

6.5CVSS7AI score0.00081EPSS

CVE•added 2021/09/27 4:15 p.m.•50 views

CVE-2021-40712

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service.

6.5CVSS6.2AI score0.00392EPSS

CVE•added 2023/06/15 7:15 p.m.•50 views

CVE-2023-29302

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of th...

5.4CVSS5AI score0.03112EPSS

CVE•added 2023/12/15 11:15 a.m.•50 views

CVE-2023-48615

5.4CVSS5.3AI score0.00847EPSS

CVE•added 2024/06/13 8:15 a.m.•50 views

CVE-2024-26121

5.4CVSS5.3AI score0.01257EPSS

CVE•added 2024/06/13 8:16 a.m.•50 views

CVE-2024-36221

5.4CVSS5.3AI score0.01072EPSS

CVE•added 2024/12/10 10:15 p.m.•50 views

CVE-2024-43712

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a user-controllable source is improperly sanitize...

5.4CVSS6.3AI score0.00201EPSS

CVE•added 2024/12/10 10:15 p.m.•50 views

CVE-2024-43722

5.4CVSS6.1AI score0.00201EPSS

CVE•added 2020/01/15 5:15 p.m.•49 views

CVE-2019-16466

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

6.1CVSS5.6AI score0.01639EPSS

CVE•added 2020/09/10 5:15 p.m.•49 views

CVE-2020-9734

The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they ...

9CVSS5.4AI score0.00658EPSS

Total number of security vulnerabilities915