Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2017-3109

6.1MEDIUM

Key Information:

Vendor

Adobe
Status
Adobe Experience Manager 6.3, 6.2, 6.1, 6.0
Vendor
CVE Published:
9 December 2017

What is CVE-2017-3109?

Adobe Experience Manager versions 6.3, 6.2, 6.1, and 6.0 contain a reflected cross-site scripting vulnerability in the HtmlRendererServlet component. This issue can allow attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access or manipulation of user session data. As a result, it is crucial for organizations using affected versions to apply the recommended security updates and implement appropriate security measures to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Adobe Experience Manager 6.3, 6.2, 6.1, 6.0 Adobe Experience Manager 6.3, 6.2, 6.1, 6.0

References

http://www.securityfocus.com/bid/101834
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039800
vdb-entryx_refsource_SECTRACK
https://helpx.adobe.com/security/products/experience-mana...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.