Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-43732

4.6MEDIUM

Key Information:

Vendor
Adobe
Vendor
CVE Published:
10 December 2024

Summary

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.

Affected Version(s)

Adobe Experience Manager 0 <= 6.5.21

References

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.