Experience Manager Security Vulnerabilities and Issues — Experience Manager CVE List

Lucene search

AdobeExperience Manager

4 matches found

CVE•added 2021/09/27 4:15 p.m.•58 views

CVE-2021-40711

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they bro...

5.4CVSS5.5AI score0.02148EPSS

CVE•added 2021/09/27 4:15 p.m.•51 views

CVE-2021-40713

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information...

5.9CVSS5.5AI score0.00242EPSS

CVE•added 2021/09/27 4:15 p.m.•50 views

CVE-2021-40712

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service.

6.5CVSS6.2AI score0.00392EPSS

CVE•added 2021/09/27 4:15 p.m.•48 views

CVE-2021-40714

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the c...

6.1CVSS5.7AI score0.00882EPSS