Cross-Site Scripting Vulnerability in Adobe Experience Manager Forms and LiveCycle
CVE-2016-6933

6.1MEDIUM

Key Information:

Vendor
Adobe
Status
Adobe Experience Manager Forms 6.2 And Earlier, Livecycle 11.0.1, Livecycle 10.0.4
Vendor
CVE Published:
15 December 2016

Summary

Adobe Experience Manager Forms and LiveCycle are susceptible to a cross-site scripting vulnerability due to inadequate input validation in the AACComponent. This flaw allows attackers to execute arbitrary JavaScript in the context of the affected application, potentially leading to unauthorized actions and data exposure.

Affected Version(s)

Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4

References

http://www.securityfocus.com/bid/94867
vdb-entryx_refsource_BID
https://helpx.adobe.com/security/products/aem-forms/apsb1...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037465
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.