Experience Manager Security Vulnerabilities and Issues — Experience Manager CVE List

Lucene search

AdobeExperience Manager

13 matches found

CVE•added 2016/02/10 8:59 p.m.•109 views

CVE-2016-0956

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

7.8CVSS7AI score0.16043EPSS

CVE•added 2016/12/15 6:59 a.m.•97 views

CVE-2016-6933

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.

6.1CVSS5.9AI score0.01191EPSS

CVE•added 2016/02/10 8:59 p.m.•81 views

CVE-2016-0957

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

7.8CVSS7.4AI score0.90546EPSS

CVE•added 2016/02/10 8:59 p.m.•54 views

CVE-2016-0958

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.

7.8CVSS7.5AI score0.00643EPSS

CVE•added 2016/12/15 6:59 a.m.•43 views

CVE-2016-7883

Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks.

6.1CVSS6AI score0.01316EPSS

CVE•added 2016/08/09 8:59 p.m.•39 views

CVE-2016-4253

The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors.

5.3CVSS5AI score0.0268EPSS

CVE•added 2016/02/10 8:59 p.m.•37 views

CVE-2016-0955

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.

6.1CVSS5.8AI score0.00484EPSS

CVE•added 2016/08/09 8:59 p.m.•37 views

CVE-2016-4168

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS5.9AI score0.00641EPSS

CVE•added 2016/08/09 8:59 p.m.•37 views

CVE-2016-4169

Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.

5.3CVSS5AI score0.02399EPSS

CVE•added 2016/12/15 6:59 a.m.•37 views

CVE-2016-7882

Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks.

6.1CVSS5.9AI score0.01316EPSS

CVE•added 2016/12/15 6:59 a.m.•34 views

CVE-2016-7885

Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.

8.8CVSS8.5AI score0.0118EPSS

CVE•added 2016/12/15 6:59 a.m.•32 views

CVE-2016-7884

Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.

6.1CVSS5.9AI score0.01316EPSS

CVE•added 2016/08/09 8:59 p.m.•31 views

CVE-2016-4170

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS5.9AI score0.00752EPSS