Описание
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.7 High
CVSS3
Дефекты
Связанные уязвимости
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
Уязвимость системы управления контентом и медиа-данными Adobe Experience Manager (AEM), связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код
EPSS
8.7 High
CVSS3