Vulnerability Details : CVE-2022-35697
Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege author access.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2022-35697
- Adobe » Web Content Management Core Components » For Adobe Experience Manager
  Versions up to, including, (<=) 2.20.6
  cpe:2.3:a:adobe:web_content_management_core_components:*:*:*:*:*:adobe_experience_manager:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-35697
- EPSS score: 0.26% (probability of exploitation activity in the next 30 days)
- Percentile: ~49% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-35697
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 | Adobe Systems Incorporated | |
CWE ids for CVE-2022-35697
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: psirt@adobe.com (Primary)
References for CVE-2022-35697
- https://github.com/adobe/aem-core-wcm-components/security/advisories/GHSA-qcgc-6q86-7x2p
  CVG Image Reflected Cross-site Scripting (XSS) vulnerability · Advisory · adobe/aem-core-wcm-components · GitHub (Third Party Advisory)