Описание
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
4.6 Medium
CVSS3
Дефекты
Связанные уязвимости
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.
Уязвимость системы управления контентом и медиа-данными Adobe Experience Manager (AEM), связанная с недостаточной защитой структуры веб-страницы, позволяющая нарушителю выполнить произвольный код
EPSS
4.6 Medium
CVSS3