| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-28820 |
79 |
|
XSS |
2022-04-21 |
2022-05-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. The exploitation of this issue requires user interaction in order to be successful. |
|
2 |
CVE-2022-28818 |
79 |
|
XSS |
2022-05-12 |
2022-05-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
3 |
CVE-2021-44178 |
79 |
|
XSS |
2022-01-13 |
2022-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser |
|
4 |
CVE-2021-44177 |
79 |
|
XSS |
2022-01-13 |
2022-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
|
5 |
CVE-2021-44176 |
79 |
|
XSS |
2022-01-13 |
2022-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
|
6 |
CVE-2021-43765 |
79 |
|
XSS |
2022-01-13 |
2022-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
|
7 |
CVE-2021-42722 |
125 |
|
Exec Code |
2022-03-16 |
2022-03-22 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
8 |
CVE-2021-42268 |
476 |
|
|
2021-11-18 |
2021-11-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
9 |
CVE-2021-40721 |
79 |
|
XSS |
2021-10-15 |
2022-02-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
10 |
CVE-2021-40716 |
125 |
|
Bypass |
2021-09-29 |
2021-10-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
11 |
CVE-2021-40714 |
79 |
|
XSS |
2021-09-27 |
2022-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser |
|
12 |
CVE-2021-40713 |
295 |
|
|
2021-09-27 |
2021-10-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information. |
|
13 |
CVE-2021-40712 |
20 |
|
DoS |
2021-09-27 |
2021-10-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service. |
|
14 |
CVE-2021-40697 |
125 |
|
Bypass |
2021-09-29 |
2021-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
15 |
CVE-2021-39865 |
125 |
|
Bypass |
2021-09-29 |
2022-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
16 |
CVE-2021-39864 |
352 |
|
CSRF |
2021-10-15 |
2021-10-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation. |
|
17 |
CVE-2021-39862 |
125 |
|
Bypass |
2021-09-29 |
2021-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
18 |
CVE-2021-36063 |
79 |
|
XSS |
2021-09-01 |
2021-09-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
|
19 |
CVE-2021-36062 |
79 |
|
XSS |
2021-09-01 |
2021-09-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
20 |
CVE-2021-36061 |
657 |
|
|
2021-09-01 |
2021-09-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user interaction in that a victim must publish a link of a Connect recording. |
|
21 |
CVE-2021-36058 |
190 |
|
DoS Overflow |
2021-09-01 |
2021-10-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
|
22 |
CVE-2021-36054 |
122 |
|
DoS Overflow |
2021-09-01 |
2021-10-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. |
|
23 |
CVE-2021-36053 |
125 |
|
Bypass |
2021-09-01 |
2021-10-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
24 |
CVE-2021-36045 |
125 |
|
Bypass |
2021-09-01 |
2021-10-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
25 |
CVE-2021-36039 |
863 |
|
|
2021-09-01 |
2021-09-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sensitive information. |
|
26 |
CVE-2021-36038 |
20 |
|
|
2021-09-01 |
2021-09-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure. |
|
27 |
CVE-2021-36037 |
|
|
|
2021-09-01 |
2022-04-25 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure. |
|
28 |
CVE-2021-36027 |
79 |
|
XSS |
2021-09-01 |
2021-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
|
29 |
CVE-2021-36026 |
79 |
|
XSS |
2021-09-01 |
2021-09-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
|
30 |
CVE-2021-36012 |
|
|
|
2021-09-01 |
2022-04-25 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item. |
|
31 |
CVE-2021-36002 |
668 |
|
|
2021-09-01 |
2022-10-27 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer. |
|
32 |
CVE-2021-35988 |
125 |
|
|
2021-08-20 |
2021-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
33 |
CVE-2021-35987 |
125 |
|
|
2021-08-20 |
2021-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
34 |
CVE-2021-35986 |
843 |
|
|
2021-08-20 |
2021-11-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to read arbitrary system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
35 |
CVE-2021-35985 |
476 |
|
|
2021-08-20 |
2021-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
36 |
CVE-2021-35984 |
476 |
|
|
2021-08-20 |
2021-09-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability achieve an application denial-of-service in the context of the current user. Exploitation of this issue does not requires user interaction. |
|
37 |
CVE-2021-28643 |
843 |
|
|
2021-08-20 |
2021-08-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
38 |
CVE-2021-28628 |
79 |
|
XSS |
2021-08-24 |
2021-08-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
|
39 |
CVE-2021-28625 |
79 |
|
XSS |
2021-08-24 |
2021-08-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
|
40 |
CVE-2021-28579 |
|
|
|
2021-06-28 |
2022-10-25 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants. |
|
41 |
CVE-2021-21084 |
79 |
|
XSS |
2021-06-28 |
2021-07-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
|
42 |
CVE-2021-21080 |
79 |
|
XSS |
2021-03-12 |
2021-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field. |
|
43 |
CVE-2021-21079 |
79 |
|
XSS |
2021-03-12 |
2021-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field. |
|
44 |
CVE-2021-21043 |
79 |
|
XSS |
2021-02-02 |
2021-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful. |
|
45 |
CVE-2021-21012 |
639 |
|
|
2021-01-13 |
2022-08-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure. |
|
46 |
CVE-2020-24443 |
79 |
|
XSS |
2020-11-12 |
2020-11-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
47 |
CVE-2020-24442 |
79 |
|
XSS |
2020-11-12 |
2020-11-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
48 |
CVE-2020-24441 |
|
|
|
2020-11-12 |
2022-10-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application. |
|
49 |
CVE-2020-24416 |
79 |
|
XSS |
2020-10-20 |
2020-10-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
|
50 |
CVE-2020-9743 |
79 |
|
XSS |
2020-09-10 |
2021-09-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing). |
