Input Validation Issue in Adobe Experience Manager Affecting Security Features
CVE-2016-7882

6.1MEDIUM

Key Information:

Vendor
Adobe
Status
Adobe Experience Manager 6.2 And Earlier
Vendor
CVE Published:
15 December 2016

Summary

Adobe Experience Manager versions 6.2 and earlier are vulnerable to an input validation issue in the WCMDebug filter, which may allow attackers to execute cross-site scripting (XSS) attacks. By exploiting this vulnerability, an attacker can inject malicious scripts into content served to users, potentially compromising sensitive information and affecting the integrity of web applications.

Affected Version(s)

Adobe Experience Manager 6.2 and earlier Adobe Experience Manager 6.2 and earlier

References

http://www.securitytracker.com/id/1037464
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/94869
vdb-entryx_refsource_BID
https://helpx.adobe.com/security/products/experience-mana...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.