Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed.
History

Mon, 07 Oct 2024 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | HTML Injection on `https://author-bugbounty-65-prod.adobecqms.net/` | Adobe Experience Manager \| Improper Input Validation (CWE-20) |

Mon, 26 Aug 2024 15:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe; Adobe experience Manager |
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | `cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*`; `cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*` |
| Vendors & Products | | Adobe; Adobe experience Manager |

Fri, 23 Aug 2024 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Fri, 23 Aug 2024 17:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed. |
| Title | | HTML Injection on `https://author-bugbounty-65-prod.adobecqms.net/` |
| Weaknesses | | CWE-20 |
| References | | |
| Metrics | | cvssV3_1 `{'score': 4.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N'}` |


MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-08-23T16:53:43.642Z

Updated: 2024-10-07T13:59:40.627Z

Reserved: 2024-07-22T17:16:40.936Z

Link: CVE-2024-41849

Vulnrichment

Updated: 2024-08-23T17:39:34.232Z

NVD

Status: Analyzed

Published: 2024-08-23T17:15:08.697

Modified: 2024-08-26T14:37:31.180

Link: CVE-2024-41849

Redhat

No data.