Description
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Adobe | Adobe Experience Manager | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-23401 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
References
History
Tue, 03 Dec 2024 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:* cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:* |
Mon, 07 Oct 2024 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | AMS/Cloud Services - childrenlist selector can be used to run various problematic AEM resources (retest 1497173 part 1) | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) |
MITRE
Status: PUBLISHED
Assigner: adobe
Published:
Updated: 2024-10-07T14:17:32.945Z
Reserved: 2024-02-14T17:37:23.402Z
Link: CVE-2024-26107
Vulnrichment
Updated: 2024-08-01T23:59:32.365Z
NVD
Status : Analyzed
Published: 2024-03-18T18:15:18.547
Modified: 2024-12-03T16:28:23.067
Link: CVE-2024-26107
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses