Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or page.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Adobe
Adobe experience Manager |
|
CPEs | cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:* cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:* |
|
Vendors & Products |
Adobe
Adobe experience Manager |
Thu, 12 Dec 2024 08:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or page. | |
Title | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-12-10T22:04:33.645Z
Updated: 2024-12-11T14:43:51.263Z
Reserved: 2024-08-15T17:12:15.441Z
Link: CVE-2024-43723
Vulnrichment
Updated: 2024-12-11T14:38:29.052Z
NVD
Status : Analyzed
Published: 2024-12-10T22:15:07.663
Modified: 2024-12-17T14:54:52.780
Link: CVE-2024-43723
Redhat
No data.