Описание
AEM WCM Core Components CVG Image vulnerable to Reflected Cross-site Scripting
Core Components version 2.20.6 (and earlier) suffer from a reflected cross-site scripting (XSS) vulnerability in AdaptiveImageServlet via SVG images. An attacker with author access can upload a special crafted SVG image (including a malicious Javascript) and obtain a link that, when loaded by another authenticated users, will execute the malicious script and gain access to other user's session. The issue has been resolved in 2.20.8. There are currently no known workarounds.
Пакеты
com.adobe.cq:core.wcm.components.core
< 2.20.8
2.20.8
Связанные уязвимости
Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access.
Уязвимость системы управления контентом и медиа-данными Adobe Experience Manager, связанная с недостаточной защитой структуры веб-страницы, позволяющая нарушителю выполнить произвольный код