Adobe: >> Experience Manager Security Vulnerabilities
Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM.
CVSS Score
6.1
EPSS Score
0.009
Published
2018-02-27
Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-02-27
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.
CVSS Score
6.1
EPSS Score
0.015
Published
2017-12-09
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.
CVSS Score
7.5
EPSS Score
0.096
Published
2017-12-09
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.
CVSS Score
6.1
EPSS Score
0.015
Published
2017-12-09
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.
CVSS Score
7.5
EPSS Score
0.096
Published
2017-08-11
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
CVSS Score
9.8
EPSS Score
0.132
Published
2017-08-11
Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.
CVSS Score
7.5
EPSS Score
0.096
Published
2017-08-11
Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.
CVSS Score
8.8
EPSS Score
0.012
Published
2016-12-15
Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.
CVSS Score
6.1
EPSS Score
0.013
Published
2016-12-15