Input Validation Flaw in Adobe Experience Manager Forms and LiveCycle
CVE-2016-6934

6.1MEDIUM

Key Information:

Vendor

Adobe
Status
Adobe Experience Manager Forms 6.2 And Earlier, Livecycle 11.0.1, Livecycle 10.0.4
Vendor
CVE Published:
15 December 2016

What is CVE-2016-6934?

Adobe Experience Manager Forms versions 6.2 and earlier, along with LiveCycle versions 11.0.1 and 10.0.4, are susceptible to an input validation vulnerability in the PMAdmin module. This flaw can potentially be exploited to execute cross-site scripting (XSS) attacks, allowing malicious users to inject harmful scripts into web pages viewed by users. Such vulnerabilities can compromise user data and application integrity, highlighting the need for robust input validation mechanisms.

Affected Version(s)

Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4

References

http://www.securityfocus.com/bid/94867
vdb-entryx_refsource_BID
https://helpx.adobe.com/security/products/aem-forms/apsb1...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037465
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.