831 matches found
CVE-2022-28851
CVE-2022-28851 affects Adobe Experience Manager 6.5.13.0 and earlier with a reflected XSS vulnerability. Exploit requires low privileges and user interaction; malicious script runs in the victim’s browser via a crafted URL. Connected sources confirm related Adobe APSB updates for AEM (APSB22-59) ...
CVE-2024-26042
CVE-2024-26042 affects Adobe Experience Manager (AEM) versions
CVE-2024-36236
CVE-2024-36236 affects Adobe Experience Manager 6.5.20 and earlier with a DOM-based XSS that can allow arbitrary JavaScript in a victim’s browser, typically requiring user interaction. Adobe has released updates (APSB24-28) to fix these issues; customers should upgrade to 6.5.21+ or apply the ava...
CVE-2024-26028
Adobe Experience Manager (AEM) versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2024-26028). The issue occurs in vulnerable form fields where malicious JavaScript can be stored and executed when a user visits the page containing the field. CVE det...
CVE-2022-44474
CVE-2022-44474 is an Adobe Experience Manager (AEM) reflected XSS affecting version 6.5.14 and earlier. The vulnerability allows a low-privileged attacker to entice a user to visit a crafted URL, causing malicious JavaScript to run in the victim’s browser. The primary exploitation detail is a ref...
CVE-2023-38215
CVE-2023-38215 affects Adobe Experience Manager (AEM) versions 6.5.17 and earlier. It is a reflected XSS vulnerability: a low-privilege attacker lures a victim to a crafted URL, causing malicious JavaScript to execute in the user’s browser. CVSS v3.1 base score 5.4 (Medium): AV:N/AC:L/PR:L/UI:R/S...
CVE-2024-20800
CVE-2024-20800 affects Adobe Experience Manager versions 6.5.19 and earlier. The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable web pages, potentially leading to arbitrary code executio...
CVE-2023-21615
Summary of CVE-2023-21615 : Adobe Experience Manager (AEM) 6.5.x up to 6.5.15.0 is affected by a reflected XSS vulnerability. An attacker with low privileges can lure a user to a crafted URL referencing a vulnerable page, causing JavaScript execution in the victim’s browser. The CVSS 3.1 score is...
CVE-2023-29304
Summary: CVE-2023-29304 affects Adobe Experience Manager (AEM) 6.5.16.0 and earlier and is a reflected Cross-Site Scripting (XSS) vulnerability. The attack requires a low-privileged user to lure a victim to a crafted URL referencing a vulnerable page, enabling execution of malicious JavaScript in...
CVE-2024-26032
Adobe Experience Manager (AEM)
CVE-2023-22254
CVE-2023-22254 affects Adobe Experience Manager (AEM) Experience Manager 6.5.15.0 and earlier with a reflected XSS in which a low-privileged attacker entices a victim to visit a crafted URL referencing a vulnerable page, causing malicious JavaScript to run in the victim’s browser. The vulnerabili...
CVE-2023-22260
CVE-2023-22260 affects Adobe Experience Manager 6.5.15.0 and earlier. It is a URL Redirection to Untrusted Site (Open Redirect) vulnerability that could be exploited by a low-privilege authenticated user to redirect victims to malicious sites, requiring user interaction. Remediation references up...
CVE-2024-26043
CVE-2024-26043 concerns a stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager (AEM) versions 6.5.19 and earlier. The issue allows an attacker to inject malicious scripts into vulnerable form fields, with JavaScript executed in a victim’s browser upon visiting the affected ...
CVE-2024-26034
Affected product: Adobe Experience Manager (AEM) 6.5.19 and earlier. Vulnerability type: stored Cross-Site Scripting (XSS) in vulnerable form fields. Root cause/impact: malicious JavaScript could be injected and executed in a victim’s browser when viewing pages containing the vulnerable field. Ex...
CVE-2024-36217
CVE-2024-36217 affects Adobe Experience Manager (AEM) 6.5.20 and earlier. The vulnerability is a stored XSS in vulnerable form fields, allowing malicious JavaScript to run in a victim’s browser when loading the page containing the field. The CVE entry notes a MEDIUM base score (CVSS 3.1: 5.4) wit...
CVE-2022-38439
Adobe Experience Manager (AEM) versions 6.5.13.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Exploitation requires low-privilege access and user interaction (victim must visit a crafted URL), potentially allowing execution of malicious JavaScript in the victi...
CVE-2022-44463
CVE-2022-44463 affects Adobe Experience Manager (AEM) 6.5.14 and earlier. A reflected Cross-Site Scripting (XSS) vulnerability can execute malicious JavaScript in the victim’s browser if a user is lured to a vulnerable page URL. The CVE description specifies low-privileged, network-access conditi...
CVE-2023-22252
CVE-2023-22252 affects Adobe Experience Manager (AEM) Experience Manager 6.5.15.0 and earlier, with a reflected XSS flaw that can execute malicious JavaScript in a victim’s browser when a user is lured to a vulnerable URL. CVSS‑3.1 base score 5.4 (MEDIUM): confidentiality and integrity impact LOW...
CVE-2023-22271
Adobe Experience Manager (AEM) 6.5.x
CVE-2024-26056
Adobe Experience Manager (AEM)
CVE-2024-26069
Adobe Experience Manager (AEM) versions 6.5.19 and earlier are affected by a stored XSS vulnerability in vulnerable form fields that can inject malicious JavaScript executed in a victim’s browser. Contributing details from connected sources confirm the issue is a stored XSS (CWE-79) and that expl...
CVE-2022-35696
Adobe Experience Manager (AEM) 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. The issue arises from inadequate protection of the web page structure, enabling a remote attacker to lure a victim to a crafted URL and cause JavaScript to run in the user’s brow...
CVE-2024-26044
CVE-2024-26044 affects Adobe Experience Manager (AEM) 6.5.19 and earlier with a DOM-based XSS vulnerability in the web page handling that could cause malicious JavaScript to execute in a victim’s browser, potentially enabling arbitrary code execution in the browser context. The issue is documente...
CVE-2024-26052
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. An attacker could inject malicious JavaScript that executes in a victim’s browser when loading the page containing the field. The CVE-2024-26052 entry ...
CVE-2023-22264
Adobe Experience Manager (AEM) 6.5.15.0 and earlier is affected by a URL redirection to untrusted site vulnerability (CVE-2023-22264). The issue allows a low‑privilege authenticated attacker to induce redirection to a malicious site, requiring user interaction. Mitigation in the public advisory A...
CVE-2024-26062
Adobe Experience Manager (AEM) up to version 6.5.19 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing injected JavaScript to execute in a victim’s browser when visiting pages containing those fields. The root cause involves improper h...
CVE-2024-26064
Adobe Experience Manager is affected in versions 6.5.19 and earlier by a DOM‑based XSS vulnerability (CVE-2024-26064). The issue allows an attacker to inject malicious scripts that execute in the victim’s browser when they visit a page containing the vulnerable script, potentially leading to arbi...
CVE-2024-26065
Adobe Experience Manager (AEM) 6.5.19 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, enabling injected JavaScript to run in a user’s browser when visiting the page with the field. Connected sources confirm the issue affects AEM versions up ...
CVE-2024-26080
Adobe Experience Manager
CVE-2024-26103
Adobe Experience Manager (AEM) 6.5.19 and earlier is affected by a reflected Cross‑Site Scripting (XSS) vulnerability (CVE-2024-26103) that can execute malicious JavaScript in a victim’s browser when a user visits a crafted URL referencing a vulnerable page. The CVSS 3.1 base score is 5.4 (Medium...
CVE-2022-42362
CVE-2022-42362 concerns Adobe Experience Manager (AEM) 6.5.14 and earlier, with a reflected Cross-Site Scripting (XSS) vulnerability. An attacker who lure a user to a crafted URL can cause malicious JavaScript to run in the victim’s browser context. The available connected documents confirm the a...
CVE-2022-44467
Adobe Experience Manager 6.5.14 and earlier are affected by a reflected XSS vulnerability (CVE-2022-44467). The issue allows a low-privilege attacker to entice a user to visit a crafted URL, causing arbitrary JavaScript execution in the user’s browser. Affected component: AEM web UI/pages referen...
CVE-2024-26125
CVE-2024-26125 affects Adobe Experience Manager 6.5.19 and earlier, describing a stored XSS in vulnerable form fields that could execute malicious JavaScript in a victim’s browser. Connected sources corroborate an XSS family (stored and DOM-based variants) with multiple CVEs referenced in APSB24-...
CVE-2022-42366
Adobe Experience Manager (AEM)
CVE-2023-22257
Adobe Experience Manager (AEM) 6.5.15.0 and earlier is affected by a URL redirect to an untrusted site (Open Redirect). The issue enables a low-privilege authenticated attacker to redirect users to a malicious site and requires user interaction. Remediation per APSB23-18 is to apply the security ...
CVE-2024-26038
CVE-2024-26038 concerns Adobe Experience Manager (AEM) versions 6.5.19 and earlier. A stored Cross-Site Scripting (XSS) vulnerability exists in vulnerable form fields, allowing an attacker to inject and have malicious JavaScript executed in a victim’s browser when visiting a page containing the f...
CVE-2024-26040
CVE-2024-26040 affects Adobe Experience Manager 6.5.19 and earlier with a stored XSS in vulnerable form fields. Exploitation requires user interaction; malicious JavaScript can run in the victim’s browser when loading a page containing the affected field. A related advisory (APSB24-05) and Nessus...
CVE-2024-26119
CVE-2024-26119 affects Adobe Experience Manager 6.5.19 and earlier. The issue is an Information Exposure vulnerability that could enable a security feature bypass with low confidentiality impact. Exploitation does not require user interaction and can occur over the network (no vectors described b...
CVE-2024-26127
CVE-2024-26127 affects Adobe Experience Manager (AEM) versions 6.5.20 and earlier. The issue is an Improper Input Validation that can lead to a security feature bypass, enabling a low-privileged attacker to affect page integrity. Exploitation requires user interaction, and the base CVSS v3.1 scor...
CVE-2022-42357
Adobe Experience Manager (AEM) versions 6.5.14 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability triggered when a victim is enticed to visit a crafted URL, allowing malicious JavaScript to run in the victim’s browser. The vulnerability is described across multiple s...
CVE-2022-44462
CVE-2022-44462 affects Adobe Experience Manager (AEM) 6.5.14 and earlier, with a reflected XSS vulnerability that a low-privileged attacker can trigger by convincing a victim to visit a crafted URL, enabling execution of malicious JavaScript in the victim’s browser. The issue is documented across...
CVE-2022-44473
CVE-2022-44473 affects Adobe Experience Manager (AEM) versions 6.5.14 and earlier. A reflected XSS vulnerability allows a low-privileged attacker to lure a victim to a crafted URL, causing arbitrary JavaScript to execute in the victim’s browser. Root cause is described as insufficient protection ...
CVE-2024-26063
CVE-2024-26063 affects Adobe Experience Manager up to 6.5.19 and earlier. It is an Information Exposure vulnerability leading to a security feature bypass, exploitable without user interaction. CVSS v3.1 base score 5.3 (Medium). Remediation per connected documents: apply the APSB24-05 update; upg...
CVE-2024-26101
Adobe Experience Manager (AEM) 6.5.19 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Attack requires convincing a victim to visit a URL referencing a vulnerable page, allowing malicious JavaScript to execute in the victim’s browser. CVSSv3.1 base score 5.4 (MEDIU...
CVE-2024-26105
Adobe Experience Manager (AEM) versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability, enabling malicious JavaScript to run in a victim’s browser when a user visits a crafted URL. The issue is described with a CVSS v3.1 base score of 5.4 (Medium) with net...
CVE-2024-26107
Adobe Experience Manager (AEM) 6.5.19 and earlier is affected by a reflected XSS vulnerability (CVE-2024-26107). The issue exists in vulnerable pages where crafted URLs can execute malicious JavaScript in the victim’s browser. Public references in the connected documents identify a remediation vi...
CVE-2022-30679
Adobe Experience Manager (AEM) 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability (CVE-2022-30679). A low-privileged attacker can entice a victim to visit a crafted URL, enabling malicious JavaScript to run in the victim’s browser. CVSS metrics indicate Network...
CVE-2022-38438
CVE-2022-38438 affects Adobe Experience Manager versions 6.5.13.0 and earlier with a reflected Cross-Site Scripting (XSS) vulnerability. The issue can be triggered when a victim is convinced to visit a vulnerable URL, allowing malicious JavaScript to execute in the browser context. Exploitation r...
CVE-2023-22261
Adobe Experience Manager (AEM) 6.5.15.0 and earlier is affected by a URL redirection to an untrusted site vulnerability (Open Redirect). A low-privilege authenticated user can trigger redirects to malicious sites, with exploitation requiring user interaction. Remediation: update to 6.5.16.0 or la...
CVE-2023-29322
Adobe Experience Manager versions 6.5.16.0 and earlier are affected by a reflected XSS vulnerability (CVE-2023-29322). A low-privileged attacker can lure a victim to a crafted URL that executes malicious JavaScript in the victim’s browser. Remediation: update to AEM 6.5.17.0 or apply vendor-suppl...