Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated URL or page with the malicious script.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Adobe
Adobe experience Manager |
|
CPEs | cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:* cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:* |
|
Vendors & Products |
Adobe
Adobe experience Manager |
Wed, 11 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated URL or page with the malicious script. | |
Title | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-12-10T22:04:41.377Z
Updated: 2024-12-11T16:41:31.517Z
Reserved: 2024-11-15T18:03:25.994Z
Link: CVE-2024-52822
Vulnrichment
Updated: 2024-12-11T16:41:28.082Z
NVD
Status : Analyzed
Published: 2024-12-10T22:15:14.070
Modified: 2024-12-18T14:35:48.033
Link: CVE-2024-52822
Redhat
No data.