Adobe Experience Manager Vulnerable to DOM-Based XSS Attacks

CVE-2024-41878

5.4MEDIUM

Key Information

Vendor: Adobe
Status: Adobe Experience Manager
Vendor: CVE Published:; 23 August 2024

Summary

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.

Affected Version(s)

Adobe Experience Manager <= 6.5.19

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Aug 23, 2024
Vulnerability Reserved.
Jul 22, 2024

Collectors

NVD DatabaseMitre Database