Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2024-52992
5.4MEDIUM
Summary
Adobe Experience Manager has a vulnerability where versions 6.5.21 and earlier are susceptible to a stored Cross-Site Scripting (XSS) attack. This vulnerability allows attackers to inject malicious JavaScript into form fields, potentially leading to unauthorized actions being performed on behalf of users. When a user interacts with a page containing an affected form field, the injected scripts can be executed within their browser. This can result in data theft, session hijacking, or other malicious actions, making it critical for users of affected versions to apply security updates or mitigations as soon as possible. For detailed information and recommended actions, refer to the official Adobe security advisory.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Collectors
NVD Database