Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Adobe
Adobe experience Manager |
|
CPEs | cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:* cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:* |
|
Vendors & Products |
Adobe
Adobe experience Manager |
Wed, 11 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | |
Title | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-12-10T22:05:02.078Z
Updated: 2024-12-11T14:41:18.310Z
Reserved: 2024-08-15T17:12:15.440Z
Link: CVE-2024-43715
Vulnrichment
Updated: 2024-12-11T14:37:53.344Z
NVD
Status : Analyzed
Published: 2024-12-10T22:15:06.377
Modified: 2024-12-17T14:56:06.787
Link: CVE-2024-43715
Redhat
No data.