ghsa-pwj3-wjc3-227r
Vulnerability from github
Published
2024-03-18 18:32
Modified
2024-03-18 18:32
Severity ?
Details
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser. Exploitation of this issue requires user interaction.
{ "affected": [], "aliases": [ "CVE-2024-26032" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-03-18T18:15:10Z", "severity": "MODERATE" }, "details": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim\u0027s browser. Exploitation of this issue requires user interaction.", "id": "GHSA-pwj3-wjc3-227r", "modified": "2024-03-18T18:32:20Z", "published": "2024-03-18T18:32:20Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26032" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.