| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Confidentiality | Integrity | Availability | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-43764 | 79 | | XSS | 2022-01-13 | 2022-01-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| 2 | CVE-2021-43761 | 79 | | XSS | 2022-01-13 | 2022-01-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| 3 | CVE-2021-40711 | 79 | | Exec Code XSS | 2021-09-27 | 2022-02-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| 4 | CVE-2021-28633 | | | | 2021-08-24 | 2021-08-31 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system. |
| 5 | CVE-2021-21087 | 79 | | Exec Code XSS | 2021-04-15 | 2021-07-02 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction. |
| 6 | CVE-2020-24445 | 79 | | XSS | 2020-12-10 | 2021-01-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| 7 | CVE-2020-9742 | 79 | | XSS | 2020-09-10 | 2020-09-16 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. |
| 8 | CVE-2020-9741 | 79 | | XSS | 2020-09-10 | 2020-09-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. |
| 9 | CVE-2020-9740 | 79 | | XSS | 2020-09-10 | 2020-09-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. |
| 10 | CVE-2020-9738 | 79 | | XSS | 2020-09-10 | 2020-09-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when visiting the page containing the vulnerable field. |
| 11 | CVE-2020-9737 | 79 | | XSS | 2020-09-10 | 2020-09-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. |
| 12 | CVE-2020-9736 | 79 | | XSS | 2020-09-10 | 2020-09-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field. |
| 13 | CVE-2020-9735 | 79 | | XSS | 2020-09-10 | 2020-09-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when search queries return the page containing the vulnerable field. |
| 14 | CVE-2020-9734 | 79 | | XSS | 2020-09-10 | 2020-09-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. |
| 15 | CVE-2020-9644 | 79 | | XSS | 2020-06-12 | 2020-06-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. |
| 16 | CVE-2013-5326 | 79 | | XSS | 2013-11-13 | 2020-09-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory. |