Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, an attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Adobe
Adobe experience Manager |
|
CPEs | cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:* cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:* |
|
Vendors & Products |
Adobe
Adobe experience Manager |
Wed, 11 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, an attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link. | |
Title | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-12-10T22:04:45.558Z
Updated: 2024-12-11T14:43:12.019Z
Reserved: 2024-08-15T17:12:15.440Z
Link: CVE-2024-43720
Vulnrichment
Updated: 2024-12-11T14:38:20.520Z
NVD
Status : Analyzed
Published: 2024-12-10T22:15:07.160
Modified: 2024-12-17T15:23:30.417
Link: CVE-2024-43720
Redhat
No data.