Adobe Experience Manager XSS Vulnerability Affects User Interaction
CVE-2024-52823

5.4MEDIUM

Key Information:

Vendor: Adobe
Status: Experience Manager
Vendor: CVE Published:; 10 December 2024

Summary

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.

References

https://helpx.adobe.com/security/products/experience-mana...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 10, 2024

Collectors

NVD Database