Filtered by vendor Adobe
Subscriptions
Filtered by product Experience Manager
Subscriptions
Total
551 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-35696 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-17 | 5.4 Medium |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2020-9734 | 1 Adobe | 1 Experience Manager | 2024-09-17 | 9 Critical |
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | ||||
CVE-2022-35695 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-17 | 5.4 Medium |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2020-9737 | 1 Adobe | 1 Experience Manager | 2024-09-17 | 6.8 Medium |
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | ||||
CVE-2022-42367 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-17 | 5.4 Medium |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2020-9736 | 1 Adobe | 1 Experience Manager | 2024-09-17 | 6.8 Medium |
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field. | ||||
CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2024-09-17 | N/A |
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | ||||
CVE-2021-28625 | 1 Adobe | 1 Experience Manager | 2024-09-17 | 6.3 Medium |
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
CVE-2022-44470 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-17 | 5.4 Medium |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2022-35664 | 1 Adobe | 1 Experience Manager | 2024-09-17 | 5.4 Medium |
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | ||||
CVE-2022-42362 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-17 | 5.4 Medium |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2022-44468 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-17 | 5.4 Medium |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2021-40714 | 1 Adobe | 1 Experience Manager | 2024-09-17 | 6.1 Medium |
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser | ||||
CVE-2020-9732 | 1 Adobe | 2 Experience Manager, Experience Manager Forms | 2024-09-17 | 9 Critical |
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | ||||
CVE-2022-42354 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-17 | 5.4 Medium |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2022-44473 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-17 | 5.4 Medium |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2021-40711 | 1 Adobe | 1 Experience Manager | 2024-09-17 | 5.4 Medium |
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
CVE-2017-3107 | 1 Adobe | 1 Experience Manager | 2024-09-17 | N/A |
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. | ||||
CVE-2021-43761 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-17 | 8 High |
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
CVE-2021-44178 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-16 | 5.4 Medium |
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser |