Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2024-1351
Vulnerability from csaf_certbund
Published
2024-06-11 22:00
Modified
2024-07-23 22:00
Summary
Adobe Experience Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Adobe Experience Manager (AEM) ist eine Content-Management-Lösung für die Erstellung von Websites, mobilen Anwendungen und Formularen.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Adobe Experience Manager ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Sonstiges
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Adobe Experience Manager (AEM) ist eine Content-Management-L\u00f6sung f\u00fcr die Erstellung von Websites, mobilen Anwendungen und Formularen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Adobe Experience Manager ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren oder Sicherheitsma\u00dfnahmen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1351 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1351.json" }, { "category": "self", "summary": "WID-SEC-2024-1351 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1351" }, { "category": "external", "summary": "Adobe Security Update vom 2024-06-11", "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source_lang": "en-US", "title": "Adobe Experience Manager: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-07-23T22:00:00.000+00:00", "generator": { "date": "2024-07-24T08:02:45.329+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-1351", "initial_release_date": "2024-06-11T22:00:00.000+00:00", "revision_history": [ { "date": "2024-06-11T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-06-24T22:00:00.000+00:00", "number": "2", "summary": "CVE-Nummern erg\u00e4nzt" }, { "date": "2024-07-23T22:00:00.000+00:00", "number": "3", "summary": "CVE\u0027s erg\u00e4nzt" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003cAEM Cloud Service Release 2024.5", "product": { "name": "Adobe Experience Manager \u003cAEM Cloud Service Release 2024.5", "product_id": "T035356", "product_identification_helper": { "cpe": "cpe:/a:adobe:experience_manager:aem_cloud_service_release_2024.5" } } }, { "category": "product_version_range", "name": "\u003c6.5.21", "product": { "name": "Adobe Experience Manager \u003c6.5.21", "product_id": "T035357", "product_identification_helper": { "cpe": "cpe:/a:adobe:experience_manager:6.5.21" } } } ], "category": "product_name", "name": "Experience Manager" } ], "category": "vendor", "name": "Adobe" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-20769", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-20769" }, { "cve": "CVE-2024-20784", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-20784" }, { "cve": "CVE-2024-26036", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26036" }, { "cve": "CVE-2024-26037", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26037" }, { "cve": "CVE-2024-26039", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26039" }, { "cve": "CVE-2024-26049", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26049" }, { "cve": "CVE-2024-26053", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26053" }, { "cve": "CVE-2024-26054", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26054" }, { "cve": "CVE-2024-26055", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26055" }, { "cve": "CVE-2024-26057", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26057" }, { "cve": "CVE-2024-26058", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26058" }, { "cve": "CVE-2024-26060", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26060" }, { "cve": "CVE-2024-26066", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26066" }, { "cve": "CVE-2024-26068", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26068" }, { "cve": "CVE-2024-26070", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26070" }, { "cve": "CVE-2024-26071", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26071" }, { "cve": "CVE-2024-26072", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26072" }, { "cve": "CVE-2024-26074", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26074" }, { "cve": "CVE-2024-26075", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26075" }, { "cve": "CVE-2024-26077", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26077" }, { "cve": "CVE-2024-26078", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26078" }, { "cve": "CVE-2024-26081", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26081" }, { "cve": "CVE-2024-26082", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26082" }, { "cve": "CVE-2024-26083", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26083" }, { "cve": "CVE-2024-26085", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26085" }, { "cve": "CVE-2024-26086", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26086" }, { "cve": "CVE-2024-26088", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26088" }, { "cve": "CVE-2024-26089", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26089" }, { "cve": "CVE-2024-2609", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-2609" }, { "cve": "CVE-2024-26090", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26090" }, { "cve": "CVE-2024-26091", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26091" }, { "cve": "CVE-2024-26092", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26092" }, { "cve": "CVE-2024-26093", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26093" }, { "cve": "CVE-2024-26095", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26095" }, { "cve": "CVE-2024-26110", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26110" }, { "cve": "CVE-2024-26111", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26111" }, { "cve": "CVE-2024-26113", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26113" }, { "cve": "CVE-2024-26114", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26114" }, { "cve": "CVE-2024-26115", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26115" }, { "cve": "CVE-2024-26116", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26116" }, { "cve": "CVE-2024-26117", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26117" }, { "cve": "CVE-2024-26121", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26121" }, { "cve": "CVE-2024-26123", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26123" }, { "cve": "CVE-2024-26126", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26126" }, { "cve": "CVE-2024-26127", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26127" }, { "cve": "CVE-2024-34119", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-34119" }, { "cve": "CVE-2024-34120", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-34120" }, { "cve": "CVE-2024-34128", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-34128" }, { "cve": "CVE-2024-34141", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-34141" }, { "cve": "CVE-2024-34142", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-34142" }, { "cve": "CVE-2024-36141", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36141" }, { "cve": "CVE-2024-36142", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36142" }, { "cve": "CVE-2024-36143", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36143" }, { "cve": "CVE-2024-36144", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36144" }, { "cve": "CVE-2024-36146", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36146" }, { "cve": "CVE-2024-36147", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36147" }, { "cve": "CVE-2024-36148", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36148" }, { "cve": "CVE-2024-36149", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36149" }, { "cve": "CVE-2024-36150", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36150" }, { "cve": "CVE-2024-36151", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36151" }, { "cve": "CVE-2024-36152", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36152" }, { "cve": "CVE-2024-36153", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36153" }, { "cve": "CVE-2024-36154", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36154" }, { "cve": "CVE-2024-36155", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36155" }, { "cve": "CVE-2024-36156", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36156" }, { "cve": "CVE-2024-36157", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36157" }, { "cve": "CVE-2024-36158", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36158" }, { "cve": "CVE-2024-36159", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36159" }, { "cve": "CVE-2024-36160", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36160" }, { "cve": "CVE-2024-36161", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36161" }, { "cve": "CVE-2024-36162", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36162" }, { "cve": "CVE-2024-36163", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36163" }, { "cve": "CVE-2024-36164", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36164" }, { "cve": "CVE-2024-36165", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36165" }, { "cve": "CVE-2024-36166", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36166" }, { "cve": "CVE-2024-36167", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36167" }, { "cve": "CVE-2024-36168", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36168" }, { "cve": "CVE-2024-36169", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36169" }, { "cve": "CVE-2024-36170", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36170" }, { "cve": "CVE-2024-36171", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36171" }, { "cve": "CVE-2024-36172", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36172" }, { "cve": "CVE-2024-36173", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36173" }, { "cve": "CVE-2024-36174", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36174" }, { "cve": "CVE-2024-36175", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36175" }, { "cve": "CVE-2024-36176", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36176" }, { "cve": "CVE-2024-36177", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36177" }, { "cve": "CVE-2024-36178", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36178" }, { "cve": "CVE-2024-36179", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36179" }, { "cve": "CVE-2024-36180", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36180" }, { "cve": "CVE-2024-36181", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36181" }, { "cve": "CVE-2024-36182", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36182" }, { "cve": "CVE-2024-36183", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36183" }, { "cve": "CVE-2024-36184", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36184" }, { "cve": "CVE-2024-36185", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36185" }, { "cve": "CVE-2024-36186", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36186" }, { "cve": "CVE-2024-36187", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36187" }, { "cve": "CVE-2024-36188", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36188" }, { "cve": "CVE-2024-36189", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36189" }, { "cve": "CVE-2024-36190", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36190" }, { "cve": "CVE-2024-36191", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36191" }, { "cve": "CVE-2024-36192", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36192" }, { "cve": "CVE-2024-36193", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36193" }, { "cve": "CVE-2024-36194", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36194" }, { "cve": "CVE-2024-36195", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36195" }, { "cve": "CVE-2024-36196", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36196" }, { "cve": "CVE-2024-36197", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36197" }, { "cve": "CVE-2024-36198", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36198" }, { "cve": "CVE-2024-36199", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36199" }, { "cve": "CVE-2024-36200", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36200" }, { "cve": "CVE-2024-36201", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36201" }, { "cve": "CVE-2024-36202", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36202" }, { "cve": "CVE-2024-36203", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36203" }, { "cve": "CVE-2024-36204", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36204" }, { "cve": "CVE-2024-36205", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36205" }, { "cve": "CVE-2024-36206", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36206" }, { "cve": "CVE-2024-36207", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36207" }, { "cve": "CVE-2024-36208", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36208" }, { "cve": "CVE-2024-36209", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36209" }, { "cve": "CVE-2024-36210", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36210" }, { "cve": "CVE-2024-36211", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36211" }, { "cve": "CVE-2024-36212", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36212" }, { "cve": "CVE-2024-36213", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36213" }, { "cve": "CVE-2024-36214", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36214" }, { "cve": "CVE-2024-36215", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36215" }, { "cve": "CVE-2024-36216", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36216" }, { "cve": "CVE-2024-36217", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36217" }, { "cve": "CVE-2024-36218", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36218" }, { "cve": "CVE-2024-36219", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36219" }, { "cve": "CVE-2024-36220", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36220" }, { "cve": "CVE-2024-36221", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36221" }, { "cve": "CVE-2024-36222", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36222" }, { "cve": "CVE-2024-36223", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36223" }, { "cve": "CVE-2024-36224", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36224" }, { "cve": "CVE-2024-36225", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36225" }, { "cve": "CVE-2024-36227", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36227" }, { "cve": "CVE-2024-36228", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36228" }, { "cve": "CVE-2024-36229", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36229" }, { "cve": "CVE-2024-36230", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36230" }, { "cve": "CVE-2024-36231", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36231" }, { "cve": "CVE-2024-36232", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36232" }, { "cve": "CVE-2024-36233", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36233" }, { "cve": "CVE-2024-36234", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36234" }, { "cve": "CVE-2024-36235", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36235" }, { "cve": "CVE-2024-36236", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36236" }, { "cve": "CVE-2024-36238", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36238" }, { "cve": "CVE-2024-36239", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36239" }, { "cve": "CVE-2024-26029", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Zugriffskontrolle und Fehler bei der \u00dcberpr\u00fcfung von Eingaben zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-26029" }, { "cve": "CVE-2024-36226", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Zugriffskontrolle und Fehler bei der \u00dcberpr\u00fcfung von Eingaben zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-36226" }, { "cve": "CVE-2024-41839", "notes": [ { "category": "description", "text": "In Adobe Experience Manager existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Zugriffskontrolle und Fehler bei der \u00dcberpr\u00fcfung von Eingaben zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2024-06-11T22:00:00Z", "title": "CVE-2024-41839" } ] }
cve-2024-36159
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:30
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36159", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:26:09.701158Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:26:19.392Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:30:31.736Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36159", "datePublished": "2024-06-13T07:52:51.919Z", "dateReserved": "2024-05-21T17:04:23.617Z", "dateUpdated": "2024-10-07T12:30:31.736Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26089
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:23
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, as the victim needs to visit a web page with a maliciously crafted script.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26089", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:19:34.481091Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:19:50.338Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, as the victim needs to visit a web page with a maliciously crafted script." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:23:19.197Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26089", "datePublished": "2024-06-13T07:52:48.134Z", "dateReserved": "2024-02-14T17:37:23.395Z", "dateUpdated": "2024-10-07T13:23:19.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26082
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:25
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26082", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:47:37.797033Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:48:13.606Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:25:23.839Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26082", "datePublished": "2024-06-13T07:53:48.066Z", "dateReserved": "2024-02-14T17:37:23.394Z", "dateUpdated": "2024-10-07T13:25:23.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-41839
Vulnerability from cvelistv5
Published
2024-07-23 11:34
Modified
2024-10-07 12:27
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-41839", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T13:31:29.087554Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T13:32:21.863Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:46:52.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 3.5, "environmentalSeverity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 3.5, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:27:38.097Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Improper Input Validation (CWE-20)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-41839", "datePublished": "2024-07-23T11:34:54.665Z", "dateReserved": "2024-07-22T17:16:40.934Z", "dateUpdated": "2024-10-07T12:27:38.097Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36222
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:30
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36222", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:14:13.749967Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:14:30.435Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.374Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:30:53.603Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36222", "datePublished": "2024-06-13T07:53:36.629Z", "dateReserved": "2024-05-21T17:07:35.269Z", "dateUpdated": "2024-10-07T13:30:53.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36227
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:41
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36227", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:23:00.628901Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:26:06.339Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:41:06.810Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36227", "datePublished": "2024-06-13T07:52:20.960Z", "dateReserved": "2024-05-21T17:07:35.270Z", "dateUpdated": "2024-10-07T13:41:06.810Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36189
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:10
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36189", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:00:28.121142Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:00:34.319Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.012Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:10:27.443Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36189", "datePublished": "2024-06-13T07:53:17.130Z", "dateReserved": "2024-05-21T17:04:23.624Z", "dateUpdated": "2024-10-07T13:10:27.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36147
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:27
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36147", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:53:50.676837Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:04:51.687Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.075Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:27:26.996Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36147", "datePublished": "2024-06-13T07:53:26.881Z", "dateReserved": "2024-05-21T17:04:23.616Z", "dateUpdated": "2024-10-07T12:27:26.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36162
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:31
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36162", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:19:23.775868Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:21:03.930Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.889Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:31:16.575Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36162", "datePublished": "2024-06-13T07:53:05.771Z", "dateReserved": "2024-05-21T17:04:23.618Z", "dateUpdated": "2024-10-07T12:31:16.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36228
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:44
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36228", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:11:55.568782Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:12:04.418Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.160Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:44:18.988Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36228", "datePublished": "2024-06-13T07:53:01.230Z", "dateReserved": "2024-05-21T17:07:35.270Z", "dateUpdated": "2024-10-07T13:44:18.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36215
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:20
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36215", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:27:22.929440Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:29:07.256Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:20:29.444Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36215", "datePublished": "2024-06-13T07:53:29.878Z", "dateReserved": "2024-05-21T17:07:35.268Z", "dateUpdated": "2024-10-07T13:20:29.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36143
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:26
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36143", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:01:23.773266Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:01:32.506Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:26:53.193Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36143", "datePublished": "2024-06-13T07:53:16.373Z", "dateReserved": "2024-05-21T17:04:23.615Z", "dateUpdated": "2024-10-07T12:26:53.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36163
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:31
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36163", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:20:45.565356Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:22:38.472Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:31:28.228Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36163", "datePublished": "2024-06-13T07:52:41.200Z", "dateReserved": "2024-05-21T17:04:23.618Z", "dateUpdated": "2024-10-07T12:31:28.228Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36144
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:27
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36144", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T15:44:54.965925Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:51.031Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:27:04.434Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36144", "datePublished": "2024-06-13T07:53:38.086Z", "dateReserved": "2024-05-21T17:04:23.615Z", "dateUpdated": "2024-10-07T12:27:04.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36186
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:09
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36186", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:06:54.010983Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:13:42.295Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:09:17.987Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36186", "datePublished": "2024-06-13T07:53:31.360Z", "dateReserved": "2024-05-21T17:04:23.624Z", "dateUpdated": "2024-10-07T13:09:17.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36175
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:07
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36175", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:04:08.420567Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:04:25.696Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:07:01.712Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36175", "datePublished": "2024-06-13T07:53:24.638Z", "dateReserved": "2024-05-21T17:04:23.621Z", "dateUpdated": "2024-10-07T13:07:01.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36182
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:08
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36182", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:06:52.713763Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:07:16.385Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:08:32.589Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36182", "datePublished": "2024-06-13T07:52:28.519Z", "dateReserved": "2024-05-21T17:04:23.623Z", "dateUpdated": "2024-10-07T13:08:32.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26121
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:16
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26121", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:20:04.403886Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:21:54.180Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:16:28.165Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26121", "datePublished": "2024-06-13T07:52:54.156Z", "dateReserved": "2024-02-14T17:37:23.405Z", "dateUpdated": "2024-10-07T13:16:28.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36234
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 14:07
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36234", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:20:44.574078Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:20:56.922Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T14:07:04.451Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36234", "datePublished": "2024-06-13T07:53:17.883Z", "dateReserved": "2024-05-21T17:07:35.273Z", "dateUpdated": "2024-10-07T14:07:04.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36160
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:30
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36160", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T17:13:23.889159Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:13:44.678Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:30:54.210Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36160", "datePublished": "2024-06-13T07:53:41.008Z", "dateReserved": "2024-05-21T17:04:23.617Z", "dateUpdated": "2024-10-07T12:30:54.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36218
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:23
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36218", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:19:37.348710Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:21:22.649Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.075Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:23:41.615Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36218", "datePublished": "2024-06-13T07:53:04.230Z", "dateReserved": "2024-05-21T17:07:35.269Z", "dateUpdated": "2024-10-07T13:23:41.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26088
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:23
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26088", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:24:36.303297Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T18:33:21.477Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:23:30.170Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26088", "datePublished": "2024-06-13T07:53:47.298Z", "dateReserved": "2024-02-14T17:37:23.395Z", "dateUpdated": "2024-10-07T13:23:30.170Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26091
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:22
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that causes the vulnerable script to execute.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26091", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:16:26.546337Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:16:34.354Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that causes the vulnerable script to execute." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:22:55.594Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26091", "datePublished": "2024-06-13T07:52:25.486Z", "dateReserved": "2024-02-14T17:37:23.396Z", "dateUpdated": "2024-10-07T13:22:55.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26093
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:22
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26093", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:09:30.732871Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:09:37.333Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:22:21.472Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26093", "datePublished": "2024-06-13T07:53:21.636Z", "dateReserved": "2024-02-14T17:37:23.396Z", "dateUpdated": "2024-10-07T13:22:21.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20769
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:15
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20769", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:24:01.338774Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:24:16.737Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:15:08.536Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-20769", "datePublished": "2024-06-13T07:53:51.092Z", "dateReserved": "2023-12-04T16:52:22.987Z", "dateUpdated": "2024-10-07T13:15:08.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26086
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:24
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26086", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:15:33.132433Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:15:40.468Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:24:15.924Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26086", "datePublished": "2024-06-13T07:52:17.159Z", "dateReserved": "2024-02-14T17:37:23.395Z", "dateUpdated": "2024-10-07T13:24:15.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26083
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:24
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26083", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:32:48.109389Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:32:53.818Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:24:49.921Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26083", "datePublished": "2024-06-13T07:53:34.338Z", "dateReserved": "2024-02-14T17:37:23.394Z", "dateUpdated": "2024-10-07T13:24:49.921Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36204
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:15
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36204", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:07:21.200836Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:14:17.265Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:15:42.978Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36204", "datePublished": "2024-06-13T07:53:29.119Z", "dateReserved": "2024-05-21T17:07:35.267Z", "dateUpdated": "2024-10-07T13:15:42.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26053
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:37
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26053", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:15:18.548180Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:15:29.940Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:37:07.998Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26053", "datePublished": "2024-06-13T07:53:28.387Z", "dateReserved": "2024-02-14T17:37:23.389Z", "dateUpdated": "2024-10-07T13:37:07.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36212
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:19
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36212", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T17:16:41.581271Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:16:51.968Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:19:55.408Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36212", "datePublished": "2024-06-13T07:52:34.545Z", "dateReserved": "2024-05-21T17:07:35.268Z", "dateUpdated": "2024-10-07T13:19:55.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26070
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:29
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26070", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:18:09.557030Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:18:19.343Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:29:11.592Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26070", "datePublished": "2024-06-13T07:52:52.669Z", "dateReserved": "2024-02-14T17:37:23.393Z", "dateUpdated": "2024-10-07T13:29:11.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36205
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:15
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36205", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:59:58.578974Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:00:07.655Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:15:54.011Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36205", "datePublished": "2024-06-13T07:53:23.874Z", "dateReserved": "2024-05-21T17:07:35.267Z", "dateUpdated": "2024-10-07T13:15:54.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36161
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:31
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36161", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:24:08.757302Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:27:31.451Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:31:05.397Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36161", "datePublished": "2024-06-13T07:52:10.942Z", "dateReserved": "2024-05-21T17:04:23.618Z", "dateUpdated": "2024-10-07T12:31:05.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36209
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:17
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36209", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:58:28.712495Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:00:16.931Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:17:17.713Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36209", "datePublished": "2024-06-13T07:52:36.035Z", "dateReserved": "2024-05-21T17:07:35.267Z", "dateUpdated": "2024-10-07T13:17:17.713Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36153
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:28
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36153", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:22:29.255963Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:39:57.576Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:28:57.068Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36153", "datePublished": "2024-06-13T07:53:42.048Z", "dateReserved": "2024-05-21T17:04:23.617Z", "dateUpdated": "2024-10-07T12:28:57.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36169
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:32
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36169", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:05:18.905121Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:05:27.716Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:32:47.105Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36169", "datePublished": "2024-06-13T07:53:01.989Z", "dateReserved": "2024-05-21T17:04:23.620Z", "dateUpdated": "2024-10-07T12:32:47.105Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26081
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:25
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26081", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:23:55.277633Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:27:13.421Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:25:35.021Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26081", "datePublished": "2024-06-13T07:52:13.245Z", "dateReserved": "2024-02-14T17:37:23.394Z", "dateUpdated": "2024-10-07T13:25:35.021Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36164
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:31
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36164", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:17:11.818037Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:17:19.366Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:31:50.566Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36164", "datePublished": "2024-06-13T07:52:45.715Z", "dateReserved": "2024-05-21T17:04:23.619Z", "dateUpdated": "2024-10-07T12:31:50.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36213
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:20
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36213", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:30:38.043880Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:32:26.467Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:20:06.555Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36213", "datePublished": "2024-06-13T07:53:57.154Z", "dateReserved": "2024-05-21T17:07:35.268Z", "dateUpdated": "2024-10-07T13:20:06.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36224
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:31
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the vulnerable script to execute.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36224", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:23:43.335040Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:23:53.120Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.228Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the vulnerable script to execute." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:31:27.900Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36224", "datePublished": "2024-06-13T07:53:45.825Z", "dateReserved": "2024-05-21T17:07:35.269Z", "dateUpdated": "2024-10-07T13:31:27.900Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36217
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:21
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36217", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:16:43.660884Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:16:51.392Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.185Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:21:36.682Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36217", "datePublished": "2024-06-13T07:53:27.634Z", "dateReserved": "2024-05-21T17:07:35.268Z", "dateUpdated": "2024-10-07T13:21:36.682Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36192
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:11
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36192", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:20:18.341435Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:20:26.252Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.044Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:11:33.647Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36192", "datePublished": "2024-06-13T07:53:20.149Z", "dateReserved": "2024-05-21T17:07:35.264Z", "dateUpdated": "2024-10-07T13:11:33.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36203
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:15
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36203", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T14:58:07.562138Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T14:58:14.650Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.124Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:15:31.005Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36203", "datePublished": "2024-06-13T07:52:20.195Z", "dateReserved": "2024-05-21T17:07:35.267Z", "dateUpdated": "2024-10-07T13:15:31.005Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34120
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:26
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34120", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:27:10.918716Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:31:48.543Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:43:00.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:26:19.262Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-34120", "datePublished": "2024-06-13T07:53:48.828Z", "dateReserved": "2024-04-30T19:50:50.905Z", "dateUpdated": "2024-10-07T12:26:19.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36156
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:29
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36156", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T17:11:42.607932Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:12:05.840Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:29:42.238Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36156", "datePublished": "2024-06-13T07:53:52.604Z", "dateReserved": "2024-05-21T17:04:23.617Z", "dateUpdated": "2024-10-07T12:29:42.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26092
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:22
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26092", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:05:50.416962Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:05:57.613Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:22:44.146Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26092", "datePublished": "2024-06-13T07:53:22.381Z", "dateReserved": "2024-02-14T17:37:23.396Z", "dateUpdated": "2024-10-07T13:22:44.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36230
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:46
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the execution of the malicious script.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36230", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:49:18.529846Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:53:15.064Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the execution of the malicious script." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:46:46.787Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36230", "datePublished": "2024-06-13T07:53:39.517Z", "dateReserved": "2024-05-21T17:07:35.272Z", "dateUpdated": "2024-10-07T13:46:46.787Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36173
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:06
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36173", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:21:34.492533Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:22:17.905Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.046Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:06:27.632Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36173", "datePublished": "2024-06-13T07:53:35.083Z", "dateReserved": "2024-05-21T17:04:23.621Z", "dateUpdated": "2024-10-07T13:06:27.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36165
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:32
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36165", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:06:40.458122Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:13:15.465Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:32:02.151Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36165", "datePublished": "2024-06-13T07:53:32.103Z", "dateReserved": "2024-05-21T17:04:23.619Z", "dateUpdated": "2024-10-07T12:32:02.151Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36236
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 14:10
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36236", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:53:00.325240Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:53:06.485Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.217Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T14:10:38.867Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36236", "datePublished": "2024-06-13T07:53:50.347Z", "dateReserved": "2024-05-21T17:07:35.273Z", "dateUpdated": "2024-10-07T14:10:38.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36194
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:12
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36194", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:21:40.774381Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:21:52.649Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.224Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:12:18.552Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36194", "datePublished": "2024-06-13T07:53:03.471Z", "dateReserved": "2024-05-21T17:07:35.264Z", "dateUpdated": "2024-10-07T13:12:18.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26126
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:39
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26126", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:18:03.513973Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:19:41.905Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 3.5, "environmentalSeverity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 3.5, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:39:23.740Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Improper Input Validation (CWE-20)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26126", "datePublished": "2024-06-13T07:53:56.382Z", "dateReserved": "2024-02-14T17:37:23.406Z", "dateUpdated": "2024-10-07T13:39:23.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36221
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:26
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36221", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T21:23:34.305806Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T21:23:42.014Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:26:54.967Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36221", "datePublished": "2024-06-13T07:52:37.515Z", "dateReserved": "2024-05-21T17:07:35.269Z", "dateUpdated": "2024-10-07T13:26:54.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36148
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:27
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36148", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:50:41.730533Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:51:26.532Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.046Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:27:49.338Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36148", "datePublished": "2024-06-13T07:52:41.967Z", "dateReserved": "2024-05-21T17:04:23.616Z", "dateUpdated": "2024-10-07T12:27:49.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26049
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:39
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.50", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26049", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:53:47.597556Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:55:26.489Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 4.8, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "HIGH", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "HIGH", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 4.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:39:46.750Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26049", "datePublished": "2024-06-13T07:52:38.976Z", "dateReserved": "2024-02-14T17:37:23.389Z", "dateUpdated": "2024-10-07T13:39:46.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36206
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:16
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36206", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:05:59.301610Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:10:37.382Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:16:05.252Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36206", "datePublished": "2024-06-13T07:53:42.798Z", "dateReserved": "2024-05-21T17:07:35.267Z", "dateUpdated": "2024-10-07T13:16:05.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36155
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:29
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36155", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:23:27.850246Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:26:38.905Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:29:19.775Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36155", "datePublished": "2024-06-13T07:52:16.232Z", "dateReserved": "2024-05-21T17:04:23.617Z", "dateUpdated": "2024-10-07T12:29:19.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36170
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:33
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36170", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:02:00.552757Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:02:06.531Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:33:10.874Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36170", "datePublished": "2024-06-13T07:53:12.553Z", "dateReserved": "2024-05-21T17:04:23.620Z", "dateUpdated": "2024-10-07T12:33:10.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36232
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:51
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36232", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:14:33.448582Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:14:39.939Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:51:04.622Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36232", "datePublished": "2024-06-13T07:52:09.444Z", "dateReserved": "2024-05-21T17:07:35.272Z", "dateUpdated": "2024-10-07T13:51:04.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36142
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:26
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36142", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:31:09.496020Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:31:19.181Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:26:41.976Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36142", "datePublished": "2024-06-13T07:52:31.527Z", "dateReserved": "2024-05-21T17:04:23.615Z", "dateUpdated": "2024-10-07T12:26:41.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36158
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:30
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36158", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:20:31.522493Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:20:55.131Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.993Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:30:20.348Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36158", "datePublished": "2024-06-13T07:52:44.233Z", "dateReserved": "2024-05-21T17:04:23.617Z", "dateUpdated": "2024-10-07T12:30:20.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36198
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:13
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36198", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T21:22:23.328652Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T21:22:30.722Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:13:15.151Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36198", "datePublished": "2024-06-13T07:52:59.611Z", "dateReserved": "2024-05-21T17:07:35.265Z", "dateUpdated": "2024-10-07T13:13:15.151Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36226
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:38
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36226", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:22:33.962306Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:25:38.727Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 3.5, "environmentalSeverity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 3.5, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:38:49.359Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Improper Input Validation (CWE-20)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36226", "datePublished": "2024-06-13T07:52:22.442Z", "dateReserved": "2024-05-21T17:07:35.270Z", "dateUpdated": "2024-10-07T13:38:49.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26111
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:19
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26111", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T17:14:05.080516Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:14:31.695Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:19:21.929Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26111", "datePublished": "2024-06-13T07:53:37.365Z", "dateReserved": "2024-02-14T17:37:23.403Z", "dateUpdated": "2024-10-07T13:19:21.929Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26036
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:52
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "acrobat", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26036", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:43:20.362001Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:44:08.086Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:52:45.858Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26036", "datePublished": "2024-06-13T07:52:51.143Z", "dateReserved": "2024-02-14T17:37:23.387Z", "dateUpdated": "2024-10-07T13:52:45.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36233
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:53
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a malicious link.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36233", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T15:29:26.929910Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T20:28:33.726Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.185Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a malicious link." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:53:42.800Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36233", "datePublished": "2024-06-13T07:53:45.050Z", "dateReserved": "2024-05-21T17:07:35.273Z", "dateUpdated": "2024-10-07T13:53:42.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36174
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:06
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36174", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:17:30.629459Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:17:39.703Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:06:50.058Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36174", "datePublished": "2024-06-13T07:53:00.465Z", "dateReserved": "2024-05-21T17:04:23.621Z", "dateUpdated": "2024-10-07T13:06:50.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36219
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:25
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36219", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:22:47.357637Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:25:53.865Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.205Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:25:01.140Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36219", "datePublished": "2024-06-13T07:52:21.707Z", "dateReserved": "2024-05-21T17:07:35.269Z", "dateUpdated": "2024-10-07T13:25:01.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36229
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:44
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36229", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:18:12.735460Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:18:27.109Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:44:42.218Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36229", "datePublished": "2024-06-13T07:53:51.846Z", "dateReserved": "2024-05-21T17:07:35.272Z", "dateUpdated": "2024-10-07T13:44:42.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20784
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:13
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20784", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:19:10.291404Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:20:48.488Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:06:35.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:13:26.252Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-20784", "datePublished": "2024-06-13T07:53:07.270Z", "dateReserved": "2023-12-04T16:52:22.990Z", "dateUpdated": "2024-10-07T13:13:26.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26117
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:17
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26117", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:00:23.041360Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:01:33.905Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:17:51.498Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26117", "datePublished": "2024-06-13T07:52:29.257Z", "dateReserved": "2024-02-14T17:37:23.405Z", "dateUpdated": "2024-10-07T13:17:51.498Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36183
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:08
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36183", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:44:59.083543Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:49:20.076Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.074Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:08:44.106Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36183", "datePublished": "2024-06-13T07:52:44.982Z", "dateReserved": "2024-05-21T17:04:23.623Z", "dateUpdated": "2024-10-07T13:08:44.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26057
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:35
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the malicious script.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26057", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T14:56:15.818160Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:50.743Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the malicious script." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:35:48.801Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26057", "datePublished": "2024-06-13T07:52:14.744Z", "dateReserved": "2024-02-14T17:37:23.391Z", "dateUpdated": "2024-10-07T13:35:48.801Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26068
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:29
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26068", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:34:52.661135Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:34:58.157Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:29:34.588Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26068", "datePublished": "2024-06-13T07:52:17.913Z", "dateReserved": "2024-02-14T17:37:23.392Z", "dateUpdated": "2024-10-07T13:29:34.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2609
Vulnerability from cvelistv5
Published
2024-03-19 12:02
Modified
2024-08-28 14:57
Severity ?
EPSS score ?
Summary
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 124 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:18:48.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1866100" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-19/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-20/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "124", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox_esr", "vendor": "mozilla", "versions": [ { "lessThan": "115.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thunderbird", "vendor": "mozilla", "versions": [ { "lessThan": "115.10", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-2609", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-20T15:04:02.077172Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T14:57:33.167Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "124", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Shaheen Fazim" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10." } ], "value": "The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10." } ], "problemTypes": [ { "descriptions": [ { "description": "Permission prompt input delay could expire when not in focus", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-19T16:50:48.947Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1866100" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-19/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-20/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-2609", "datePublished": "2024-03-19T12:02:54.546Z", "dateReserved": "2024-03-18T16:22:25.505Z", "dateUpdated": "2024-08-28T14:57:33.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26114
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:18
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26114", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:24:17.767739Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:24:30.052Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:18:37.056Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26114", "datePublished": "2024-06-13T07:52:56.389Z", "dateReserved": "2024-02-14T17:37:23.403Z", "dateUpdated": "2024-10-07T13:18:37.056Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36179
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:07
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36179", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:17:21.109476Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:17:29.165Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.020Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:07:47.399Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36179", "datePublished": "2024-06-13T07:53:23.127Z", "dateReserved": "2024-05-21T17:04:23.621Z", "dateUpdated": "2024-10-07T13:07:47.399Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26127
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:39
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26127", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:20:59.185323Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:22:52.945Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 3.5, "environmentalSeverity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 3.5, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:39:12.146Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Improper Input Validation (CWE-20)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26127", "datePublished": "2024-06-13T07:52:39.702Z", "dateReserved": "2024-02-14T17:37:23.406Z", "dateUpdated": "2024-10-07T13:39:12.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34128
Vulnerability from cvelistv5
Published
2024-07-23 11:34
Modified
2024-10-07 13:10
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-34128", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T13:32:59.300507Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T13:33:12.033Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:42:59.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:10:48.403Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-34128", "datePublished": "2024-07-23T11:34:53.906Z", "dateReserved": "2024-04-30T19:50:50.909Z", "dateUpdated": "2024-10-07T13:10:48.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36177
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:07
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36177", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:18:16.911712Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:18:26.103Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.136Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:07:24.488Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36177", "datePublished": "2024-06-13T07:53:05.008Z", "dateReserved": "2024-05-21T17:04:23.621Z", "dateUpdated": "2024-10-07T13:07:24.488Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36151
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:28
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, as the victim needs to visit a web page with a maliciously crafted script.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36151", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T21:20:52.185202Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T21:20:59.510Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, as the victim needs to visit a web page with a maliciously crafted script." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:28:23.126Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36151", "datePublished": "2024-06-13T07:53:09.527Z", "dateReserved": "2024-05-21T17:04:23.616Z", "dateUpdated": "2024-10-07T12:28:23.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36149
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:28
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36149", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:33:45.521464Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:33:50.944Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:28:00.758Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36149", "datePublished": "2024-06-13T07:52:42.696Z", "dateReserved": "2024-05-21T17:04:23.616Z", "dateUpdated": "2024-10-07T12:28:00.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36152
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:28
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36152", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:34:18.385162Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:34:23.517Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.021Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:28:34.685Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36152", "datePublished": "2024-06-13T07:52:26.227Z", "dateReserved": "2024-05-21T17:04:23.616Z", "dateUpdated": "2024-10-07T12:28:34.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36191
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:11
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36191", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:34:35.616281Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:34:41.356Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:11:22.119Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36191", "datePublished": "2024-06-13T07:52:19.438Z", "dateReserved": "2024-05-21T17:07:35.264Z", "dateUpdated": "2024-10-07T13:11:22.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36214
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:20
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36214", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T21:23:01.130767Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T21:23:10.438Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:20:18.304Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36214", "datePublished": "2024-06-13T07:52:43.476Z", "dateReserved": "2024-05-21T17:07:35.268Z", "dateUpdated": "2024-10-07T13:20:18.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36141
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:26
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36141", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:18:33.233149Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:18:44.118Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:26:30.835Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36141", "datePublished": "2024-06-13T07:52:49.628Z", "dateReserved": "2024-05-21T17:04:23.615Z", "dateUpdated": "2024-10-07T12:26:30.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26071
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:28
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26071", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:05:39.632647Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:05:51.509Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:28:49.206Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26071", "datePublished": "2024-06-13T07:52:58.872Z", "dateReserved": "2024-02-14T17:37:23.393Z", "dateUpdated": "2024-10-07T13:28:49.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36168
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:32
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36168", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:19:50.823000Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:21:39.847Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:32:35.797Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36168", "datePublished": "2024-06-13T07:52:57.890Z", "dateReserved": "2024-05-21T17:04:23.620Z", "dateUpdated": "2024-10-07T12:32:35.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36150
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:28
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36150", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:51:42.470372Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:51:50.567Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:28:11.798Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36150", "datePublished": "2024-06-13T07:53:55.631Z", "dateReserved": "2024-05-21T17:04:23.616Z", "dateUpdated": "2024-10-07T12:28:11.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34141
Vulnerability from cvelistv5
Published
2024-06-25 08:50
Modified
2024-10-07 12:28
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:adobe_experience_manager:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "adobe_experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34141", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T15:08:54.050287Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T15:10:02.239Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:43:00.456Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:28:45.739Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-34141", "datePublished": "2024-06-25T08:50:01.824Z", "dateReserved": "2024-04-30T19:50:50.914Z", "dateUpdated": "2024-10-07T12:28:45.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36216
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:21
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36216", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:19:59.605055Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:20:24.151Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:21:25.331Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36216", "datePublished": "2024-06-13T07:52:46.455Z", "dateReserved": "2024-05-21T17:07:35.268Z", "dateUpdated": "2024-10-07T13:21:25.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36197
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:12
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36197", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:19:03.998230Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:19:13.183Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.228Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:12:52.530Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36197", "datePublished": "2024-06-13T07:52:48.885Z", "dateReserved": "2024-05-21T17:07:35.265Z", "dateUpdated": "2024-10-07T13:12:52.530Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26039
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:51
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26039", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:11:25.315265Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:11:31.302Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:51:38.639Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26039", "datePublished": "2024-06-13T07:53:06.520Z", "dateReserved": "2024-02-14T17:37:23.387Z", "dateUpdated": "2024-10-07T13:51:38.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36171
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:33
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36171", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:18:34.849625Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:18:43.625Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.174Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:33:22.695Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36171", "datePublished": "2024-06-13T07:53:11.038Z", "dateReserved": "2024-05-21T17:04:23.620Z", "dateUpdated": "2024-10-07T12:33:22.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34119
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:26
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-34119", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:16:38.539320Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:16:46.037Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:43:00.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:26:08.174Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-34119", "datePublished": "2024-06-13T07:52:53.427Z", "dateReserved": "2024-04-30T19:50:50.905Z", "dateUpdated": "2024-10-07T12:26:08.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36172
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:33
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36172", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:31:33.230995Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:31:44.288Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:33:33.956Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36172", "datePublished": "2024-06-13T07:52:29.994Z", "dateReserved": "2024-05-21T17:04:23.621Z", "dateUpdated": "2024-10-07T12:33:33.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36238
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 14:14
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a malicious link or to interact with a maliciously crafted web page.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36238", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:19:15.666354Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:26:28.037Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.224Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a malicious link or to interact with a maliciously crafted web page." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T14:14:59.057Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36238", "datePublished": "2024-06-13T07:53:54.852Z", "dateReserved": "2024-05-21T17:07:35.274Z", "dateUpdated": "2024-10-07T14:14:59.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36167
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:32
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36167", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:13:57.236731Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:14:05.058Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:32:25.079Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36167", "datePublished": "2024-06-13T07:52:23.196Z", "dateReserved": "2024-05-21T17:04:23.619Z", "dateUpdated": "2024-10-07T12:32:25.079Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26058
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:35
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26058", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:12:29.155978Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:12:36.327Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:35:25.753Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26058", "datePublished": "2024-06-13T07:52:27.766Z", "dateReserved": "2024-02-14T17:37:23.391Z", "dateUpdated": "2024-10-07T13:35:25.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36188
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:10
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36188", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:24:46.950385Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:25:00.384Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:10:03.379Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36188", "datePublished": "2024-06-13T07:53:15.627Z", "dateReserved": "2024-05-21T17:04:23.624Z", "dateUpdated": "2024-10-07T13:10:03.379Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36201
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:14
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36201", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:19:59.714637Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:20:12.128Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:14:45.776Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36201", "datePublished": "2024-06-13T07:53:11.787Z", "dateReserved": "2024-05-21T17:07:35.266Z", "dateUpdated": "2024-10-07T13:14:45.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36225
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:31
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36225", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T17:12:49.053217Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:12:56.874Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:31:51.088Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36225", "datePublished": "2024-06-13T07:53:44.284Z", "dateReserved": "2024-05-21T17:07:35.270Z", "dateUpdated": "2024-10-07T13:31:51.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26110
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:19
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26110", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:53:23.640756Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:53:29.456Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:19:44.353Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26110", "datePublished": "2024-06-13T07:53:43.529Z", "dateReserved": "2024-02-14T17:37:23.403Z", "dateUpdated": "2024-10-07T13:19:44.353Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36196
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:12
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36196", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T17:15:31.263700Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:15:42.042Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:12:41.325Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36196", "datePublished": "2024-06-13T07:53:26.132Z", "dateReserved": "2024-05-21T17:07:35.264Z", "dateUpdated": "2024-10-07T13:12:41.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36178
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:07
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36178", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:21:39.444116Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:24:28.599Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.137Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:07:35.943Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36178", "datePublished": "2024-06-13T07:52:32.265Z", "dateReserved": "2024-05-21T17:04:23.621Z", "dateUpdated": "2024-10-07T13:07:35.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26074
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:27
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26074", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:06:12.901569Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:12:33.162Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:27:40.648Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26074", "datePublished": "2024-06-13T07:53:38.799Z", "dateReserved": "2024-02-14T17:37:23.393Z", "dateUpdated": "2024-10-07T13:27:40.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26054
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:36
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26054", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:22:06.381016Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:25:06.226Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:36:33.914Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26054", "datePublished": "2024-06-13T07:52:27.015Z", "dateReserved": "2024-02-14T17:37:23.389Z", "dateUpdated": "2024-10-07T13:36:33.914Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26115
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:18
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26115", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T17:57:41.226962Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:58:58.545Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:18:25.486Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26115", "datePublished": "2024-06-13T07:52:33.031Z", "dateReserved": "2024-02-14T17:37:23.403Z", "dateUpdated": "2024-10-07T13:18:25.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36184
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:08
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a malicious link or to submit a specially crafted form.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36184", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T21:21:43.000005Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T21:22:11.165Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.056Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a malicious link or to submit a specially crafted form." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:08:55.120Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36184", "datePublished": "2024-06-13T07:53:08.774Z", "dateReserved": "2024-05-21T17:04:23.623Z", "dateUpdated": "2024-10-07T13:08:55.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26077
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:26
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26077", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:21:26.063753Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:24:08.425Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:26:43.792Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26077", "datePublished": "2024-06-13T07:52:33.812Z", "dateReserved": "2024-02-14T17:37:23.394Z", "dateUpdated": "2024-10-07T13:26:43.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36210
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:19
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36210", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:23:41.499661Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:26:51.768Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:19:10.525Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36210", "datePublished": "2024-06-13T07:52:14.008Z", "dateReserved": "2024-05-21T17:07:35.267Z", "dateUpdated": "2024-10-07T13:19:10.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36176
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:07
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36176", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:13:13.378806Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:13:21.262Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:07:13.024Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36176", "datePublished": "2024-06-13T07:52:23.963Z", "dateReserved": "2024-05-21T17:04:23.621Z", "dateUpdated": "2024-10-07T13:07:13.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36190
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:10
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36190", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:18:43.598647Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:20:22.775Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:10:37.158Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36190", "datePublished": "2024-06-13T07:53:14.103Z", "dateReserved": "2024-05-21T17:04:23.624Z", "dateUpdated": "2024-10-07T13:10:37.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36208
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:17
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36208", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:23:14.147849Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:26:21.487Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:17:07.299Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36208", "datePublished": "2024-06-13T07:52:18.678Z", "dateReserved": "2024-05-21T17:07:35.267Z", "dateUpdated": "2024-10-07T13:17:07.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26095
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:21
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26095", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:10:55.473241Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:11:02.777Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:21:48.144Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26095", "datePublished": "2024-06-13T07:53:18.640Z", "dateReserved": "2024-02-14T17:37:23.396Z", "dateUpdated": "2024-10-07T13:21:48.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36146
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:27
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36146", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:33:24.879539Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:33:36.119Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.972Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:27:15.733Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36146", "datePublished": "2024-06-13T07:52:54.893Z", "dateReserved": "2024-05-21T17:04:23.616Z", "dateUpdated": "2024-10-07T12:27:15.733Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26060
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:33
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26060", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:06:26.420721Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:12:55.774Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:33:10.762Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26060", "datePublished": "2024-06-13T07:53:35.879Z", "dateReserved": "2024-02-14T17:37:23.391Z", "dateUpdated": "2024-10-07T13:33:10.762Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36157
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:29
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36157", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:19:48.560424Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:19:58.059Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:29:53.931Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36157", "datePublished": "2024-06-13T07:53:49.600Z", "dateReserved": "2024-05-21T17:04:23.617Z", "dateUpdated": "2024-10-07T12:29:53.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36199
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:14
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36199", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:16:19.993623Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:16:29.529Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:14:23.109Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36199", "datePublished": "2024-06-13T07:52:10.204Z", "dateReserved": "2024-05-21T17:07:35.266Z", "dateUpdated": "2024-10-07T13:14:23.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26113
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:18
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26113", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:22:20.378306Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:25:18.951Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:18:59.252Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26113", "datePublished": "2024-06-13T07:52:24.716Z", "dateReserved": "2024-02-14T17:37:23.403Z", "dateUpdated": "2024-10-07T13:18:59.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36239
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 14:15
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36239", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:16:52.640543Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:17:07.911Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T14:15:11.501Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36239", "datePublished": "2024-06-13T07:53:54.087Z", "dateReserved": "2024-05-21T17:07:35.275Z", "dateUpdated": "2024-10-07T14:15:11.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36193
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:12
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36193", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:52:10.314738Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:53:06.295Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.162Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:12:07.359Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36193", "datePublished": "2024-06-13T07:52:40.448Z", "dateReserved": "2024-05-21T17:07:35.264Z", "dateUpdated": "2024-10-07T13:12:07.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36181
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:08
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, typically in the form of convincing a victim to visit a maliciously crafted web page or to interact with a maliciously modified DOM element within the application.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36181", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:18:30.357378Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:20:09.492Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, typically in the form of convincing a victim to visit a maliciously crafted web page or to interact with a maliciously modified DOM element within the application." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:08:20.987Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36181", "datePublished": "2024-06-13T07:53:14.863Z", "dateReserved": "2024-05-21T17:04:23.623Z", "dateUpdated": "2024-10-07T13:08:20.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26055
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:36
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the malicious script.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26055", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:02:38.157874Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:03:38.431Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the malicious script." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:36:10.932Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26055", "datePublished": "2024-06-13T07:52:11.707Z", "dateReserved": "2024-02-14T17:37:23.391Z", "dateUpdated": "2024-10-07T13:36:10.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36202
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:14
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36202", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:20:18.069852Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:22:11.441Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:14:56.875Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36202", "datePublished": "2024-06-13T07:52:50.387Z", "dateReserved": "2024-05-21T17:07:35.266Z", "dateUpdated": "2024-10-07T13:14:56.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26075
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:27
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26075", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:18:16.772675Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:19:57.020Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.180Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:27:17.855Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26075", "datePublished": "2024-06-13T07:53:40.263Z", "dateReserved": "2024-02-14T17:37:23.393Z", "dateUpdated": "2024-10-07T13:27:17.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26085
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:24
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26085", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:21:12.594225Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:23:10.478Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:24:27.313Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26085", "datePublished": "2024-06-13T07:52:35.282Z", "dateReserved": "2024-02-14T17:37:23.395Z", "dateUpdated": "2024-10-07T13:24:27.313Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36180
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:07
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36180", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:20:31.566428Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:22:23.437Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.079Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:07:58.621Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36180", "datePublished": "2024-06-13T07:52:47.322Z", "dateReserved": "2024-05-21T17:04:23.622Z", "dateUpdated": "2024-10-07T13:07:58.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36235
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 14:10
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the execution of the malicious script.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36235", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:18:56.957934Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:20:35.064Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the execution of the malicious script." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T14:10:27.068Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36235", "datePublished": "2024-06-13T07:53:08.024Z", "dateReserved": "2024-05-21T17:07:35.273Z", "dateUpdated": "2024-10-07T14:10:27.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36220
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:25
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the malicious script.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36220", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:07:07.597006Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:13:59.896Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.124Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the malicious script." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:25:12.651Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36220", "datePublished": "2024-06-13T07:53:30.612Z", "dateReserved": "2024-05-21T17:07:35.269Z", "dateUpdated": "2024-10-07T13:25:12.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26090
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:23
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26090", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T17:14:56.806638Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:15:10.185Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:23:06.965Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26090", "datePublished": "2024-06-13T07:53:33.602Z", "dateReserved": "2024-02-14T17:37:23.395Z", "dateUpdated": "2024-10-07T13:23:06.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34142
Vulnerability from cvelistv5
Published
2024-06-25 08:50
Modified
2024-10-07 13:06
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:adobe_experience_manager:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "adobe_experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34142", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T13:32:48.379203Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T13:37:07.339Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:43:00.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:06:39.123Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-34142", "datePublished": "2024-06-25T08:50:02.677Z", "dateReserved": "2024-04-30T19:50:50.914Z", "dateUpdated": "2024-10-07T13:06:39.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26037
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:52
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26037", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:17:38.687482Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:17:57.868Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:52:23.460Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26037", "datePublished": "2024-06-13T07:53:53.319Z", "dateReserved": "2024-02-14T17:37:23.387Z", "dateUpdated": "2024-10-07T13:52:23.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36166
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 12:32
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:experience_manager_cloud_service:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager_cloud_service", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36166", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T13:21:52.947723Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:24:48.092Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:32:13.203Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36166", "datePublished": "2024-06-13T07:52:30.765Z", "dateReserved": "2024-05-21T17:04:23.619Z", "dateUpdated": "2024-10-07T12:32:13.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26066
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:29
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26066", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:29:53.436617Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:30:06.408Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:29:57.305Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26066", "datePublished": "2024-06-13T07:52:57.152Z", "dateReserved": "2024-02-14T17:37:23.392Z", "dateUpdated": "2024-10-07T13:29:57.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36211
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:19
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36211", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T17:12:16.669907Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:12:25.737Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:19:33.092Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36211", "datePublished": "2024-06-13T07:53:46.564Z", "dateReserved": "2024-05-21T17:07:35.268Z", "dateUpdated": "2024-10-07T13:19:33.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36231
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:47
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the execution of the malicious script.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36231", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:33:08.115717Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:33:14.999Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the execution of the malicious script." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:47:20.651Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36231", "datePublished": "2024-06-13T07:53:13.344Z", "dateReserved": "2024-05-21T17:07:35.272Z", "dateUpdated": "2024-10-07T13:47:20.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26072
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:28
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that causes the vulnerable script to execute.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26072", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:21:10.109004Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:21:20.347Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim\u0027s browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that causes the vulnerable script to execute." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:28:38.230Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26072", "datePublished": "2024-06-13T07:53:32.844Z", "dateReserved": "2024-02-14T17:37:23.393Z", "dateUpdated": "2024-10-07T13:28:38.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36200
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:14
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36200", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T18:30:41.061253Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T18:30:49.620Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.005Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:14:34.315Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36200", "datePublished": "2024-06-13T07:52:55.644Z", "dateReserved": "2024-05-21T17:07:35.266Z", "dateUpdated": "2024-10-07T13:14:34.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36185
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:09
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36185", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:10:33.511586Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:12:53.580Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:09:06.344Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36185", "datePublished": "2024-06-13T07:52:15.472Z", "dateReserved": "2024-05-21T17:04:23.623Z", "dateUpdated": "2024-10-07T13:09:06.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26123
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:10
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26123", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:34:16.613980Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T18:33:32.217Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.346Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:10:59.729Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26123", "datePublished": "2024-06-13T07:53:19.401Z", "dateReserved": "2024-02-14T17:37:23.406Z", "dateUpdated": "2024-10-07T13:10:59.729Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26029
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:21
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain disclose information. Exploitation of this issue does not require user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26029", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:02:59.672878Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:03:57.424Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain disclose information. Exploitation of this issue does not require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:21:59.178Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Improper Access Control (CWE-284)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26029", "datePublished": "2024-06-13T07:53:02.730Z", "dateReserved": "2024-02-14T17:37:23.386Z", "dateUpdated": "2024-10-07T13:21:59.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36195
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:12
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:adobe_experience_manager:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "adobe_experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36195", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T20:33:22.771409Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T20:37:40.647Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.174Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:12:30.152Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36195", "datePublished": "2024-06-13T07:52:12.473Z", "dateReserved": "2024-05-21T17:07:35.264Z", "dateUpdated": "2024-10-07T13:12:30.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26078
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:26
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26078", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:02:13.845224Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:02:25.751Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:26:32.696Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26078", "datePublished": "2024-06-13T07:53:10.283Z", "dateReserved": "2024-02-14T17:37:23.394Z", "dateUpdated": "2024-10-07T13:26:32.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36187
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:09
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36187", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:16:49.018215Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:16:57.096Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:09:40.627Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36187", "datePublished": "2024-06-13T07:52:36.774Z", "dateReserved": "2024-05-21T17:04:23.624Z", "dateUpdated": "2024-10-07T13:09:40.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26116
Vulnerability from cvelistv5
Published
2024-06-13 07:52
Modified
2024-10-07 13:18
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:experience_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "experience_manager", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26116", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T16:56:05.970659Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T16:56:53.781Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:18:02.708Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-26116", "datePublished": "2024-06-13T07:52:38.252Z", "dateReserved": "2024-02-14T17:37:23.405Z", "dateUpdated": "2024-10-07T13:18:02.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36154
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 12:29
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36154", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:21:12.308484Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:21:20.856Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T12:29:08.092Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36154", "datePublished": "2024-06-13T07:53:25.405Z", "dateReserved": "2024-05-21T17:04:23.617Z", "dateUpdated": "2024-10-07T12:29:08.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36207
Vulnerability from cvelistv5
Published
2024-06-13 07:53
Modified
2024-10-07 13:16
Severity ?
EPSS score ?
Summary
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.20 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36207", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:19:28.779762Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:19:40.066Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T13:16:16.947Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-36207", "datePublished": "2024-06-13T07:53:20.920Z", "dateReserved": "2024-05-21T17:07:35.267Z", "dateUpdated": "2024-10-07T13:16:16.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.