Adobe: >> Experience Manager Security Vulnerabilities
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field.
CVSS Score
6.8
EPSS Score
0.021
Published
2020-09-10
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVSS Score
6.8
EPSS Score
0.021
Published
2020-09-10
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVSS Score
9.0
EPSS Score
0.005
Published
2020-09-10
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-09-10
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVSS Score
9.0
EPSS Score
0.007
Published
2020-09-10
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
CVSS Score
6.1
EPSS Score
0.14
Published
2020-06-12
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
CVSS Score
6.1
EPSS Score
0.14
Published
2020-06-12
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-06-12
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
CVSS Score
5.4
EPSS Score
0.06
Published
2020-06-12
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-06-12