Experience Manager@* Security Vulnerabilities and Issues — Experience Manager@* CVE List

Lucene search

AdobeExperience Manager*

875 matches found

CVE•added 2020/01/15 5:15 p.m.•155 views

CVE-2019-16469

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

7.5CVSS7.2AI score0.73573EPSS

CVE•added 2019/07/18 10:15 p.m.•104 views

CVE-2019-7955

Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.

6.1CVSS5.8AI score0.00934EPSS

CVE•added 2022/09/30 5:15 p.m.•97 views

CVE-2022-28851

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's bro...

5.4CVSS5AI score0.12442EPSS

CVE•added 2024/06/13 8:16 a.m.•93 views

CVE-2024-36236

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

5.4CVSS5.5AI score0.00375EPSS

CVE•added 2024/03/18 6:15 p.m.•89 views

CVE-2024-26042

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the pag...

5.4CVSS5.6AI score0.01681EPSS

CVE•added 2019/07/18 10:15 p.m.•88 views

CVE-2019-7954

Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.

6.1CVSS5.8AI score0.01182EPSS

CVE•added 2023/09/13 2:15 p.m.•87 views

CVE-2023-38215

Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the v...

5.4CVSS5.1AI score0.00305EPSS

CVE•added 2023/06/15 7:15 p.m.•85 views

CVE-2023-29304

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of th...

5.4CVSS5AI score0.03112EPSS

CVE•added 2019/07/18 10:15 p.m.•82 views

CVE-2019-7953

Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.

6.5CVSS6.2AI score0.01117EPSS

CVE•added 2022/12/21 1:21 a.m.•82 views

CVE-2022-44474

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the v...

5.4CVSS5AI score0.02063EPSS

CVE•added 2024/03/18 6:15 p.m.•82 views

CVE-2024-26032

5.4CVSS6.2AI score0.01325EPSS

CVE•added 2024/04/04 9:15 a.m.•80 views

CVE-2024-20800

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they bro...

5.4CVSS6.2AI score0.02342EPSS

CVE•added 2024/03/18 6:15 p.m.•80 views

CVE-2024-26028

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.3AI score0.00591EPSS

CVE•added 2021/02/02 11:15 p.m.•79 views

CVE-2021-21043

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content...

6.1CVSS5.9AI score0.00985EPSS

CVE•added 2020/12/10 6:15 a.m.•77 views

CVE-2020-24445

AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they b...

9CVSS8AI score0.01091EPSS

CVE•added 2023/03/22 5:15 p.m.•77 views

CVE-2023-21615

Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the vic...

5.4CVSS5AI score0.00927EPSS

CVE•added 2024/03/18 6:15 p.m.•77 views

CVE-2024-26034

5.4CVSS5.3AI score0.00527EPSS

CVE•added 2022/09/23 7:15 p.m.•75 views

CVE-2022-38439

5.4CVSS5.3AI score0.02457EPSS

CVE•added 2023/09/13 2:15 p.m.•75 views

CVE-2023-38214

5.4CVSS5.1AI score0.00305EPSS

CVE•added 2023/03/22 5:15 p.m.•74 views

CVE-2023-22260

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interact...

5.4CVSS5.1AI score0.00333EPSS

CVE•added 2024/03/18 6:15 p.m.•74 views

CVE-2024-26064

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containin...

5.4CVSS6.2AI score0.01905EPSS

CVE•added 2024/06/13 8:16 a.m.•74 views

CVE-2024-36217

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.3AI score0.00762EPSS

CVE•added 2022/08/10 8:15 p.m.•73 views

CVE-2022-35697

Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5AI score0.00262EPSS

CVE•added 2023/03/22 5:15 p.m.•73 views

CVE-2023-22271

Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitat...

5.3CVSS5.4AI score0.00057EPSS

CVE•added 2024/03/18 6:15 p.m.•73 views

CVE-2024-26052

5.4CVSS5.3AI score0.00464EPSS

CVE•added 2024/03/18 6:15 p.m.•73 views

CVE-2024-26069

5.4CVSS5AI score0.00464EPSS

CVE•added 2023/03/22 5:15 p.m.•72 views

CVE-2023-22254

5.4CVSS5AI score0.00927EPSS

CVE•added 2023/03/22 5:15 p.m.•72 views

CVE-2023-22264

5.4CVSS5.1AI score0.00333EPSS

CVE•added 2024/03/18 6:15 p.m.•72 views

CVE-2024-26065

5.4CVSS5.3AI score0.00464EPSS

CVE•added 2022/12/19 10:0 a.m.•71 views

CVE-2022-35696

5.4CVSS5AI score0.00633EPSS

CVE•added 2024/03/18 6:15 p.m.•71 views

CVE-2024-26043

5.4CVSS5.3AI score0.00464EPSS

CVE•added 2022/09/16 6:15 p.m.•70 views

CVE-2022-30683

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this i...

5.3CVSS5.1AI score0.00208EPSS

CVE•added 2024/03/18 6:15 p.m.•70 views

CVE-2024-26040

5.4CVSS5.3AI score0.00464EPSS

CVE•added 2024/03/18 6:15 p.m.•70 views

CVE-2024-26103

Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

5.4CVSS5.6AI score0.00464EPSS

CVE•added 2022/12/21 1:21 a.m.•69 views

CVE-2022-42362

5.4CVSS5AI score0.02063EPSS

CVE•added 2022/12/19 10:0 a.m.•69 views

CVE-2022-44473

5.4CVSS5AI score0.01957EPSS

CVE•added 2024/03/18 6:15 p.m.•69 views

CVE-2024-26056

5.4CVSS5.3AI score0.00464EPSS

CVE•added 2024/06/13 8:16 a.m.•69 views

CVE-2024-26127

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation ...

3.5CVSS5.2AI score0.00099EPSS

CVE•added 2022/12/21 1:21 a.m.•68 views

CVE-2022-44465

5.4CVSS5AI score0.02063EPSS

CVE•added 2022/12/21 1:21 a.m.•68 views

CVE-2022-44467

5.4CVSS5AI score0.02063EPSS

CVE•added 2022/12/19 10:0 a.m.•68 views

CVE-2022-44468

5.4CVSS5AI score0.01957EPSS

CVE•added 2023/06/15 7:15 p.m.•68 views

CVE-2023-29322

5.4CVSS5AI score0.03814EPSS

CVE•added 2024/03/18 6:15 p.m.•68 views

CVE-2024-26031

5.4CVSS5.3AI score0.00591EPSS

CVE•added 2024/03/18 6:15 p.m.•68 views

CVE-2024-26044

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containin...

5.4CVSS6.2AI score0.01681EPSS

CVE•added 2024/03/18 6:15 p.m.•68 views

CVE-2024-26059

5.4CVSS5.3AI score0.00464EPSS

CVE•added 2024/03/18 6:15 p.m.•68 views

CVE-2024-26062

5.4CVSS5AI score0.00464EPSS

CVE•added 2024/03/18 6:15 p.m.•68 views

CVE-2024-26063

Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information, potentially bypassing security measures. Exp...

5.3CVSS6.7AI score0.00105EPSS

CVE•added 2024/03/18 6:15 p.m.•68 views

CVE-2024-26080

5.4CVSS5.1AI score0.00464EPSS

CVE•added 2024/03/18 6:15 p.m.•68 views

CVE-2024-26101

5.4CVSS5.6AI score0.0044EPSS

CVE•added 2024/03/18 6:15 p.m.•68 views

CVE-2024-26107

5.4CVSS5.6AI score0.00464EPSS

Total number of security vulnerabilities875