CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe » Experience Manager » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-38439 79 XSS 2022-09-23 2022-09-26
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
2 CVE-2022-38438 79 XSS 2022-09-23 2022-09-26
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
3 CVE-2022-35664 79 XSS 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
4 CVE-2022-34218 79 XSS 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
5 CVE-2022-30686 79 XSS 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
6 CVE-2022-30685 79 XSS 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
7 CVE-2022-30684 79 XSS 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
8 CVE-2022-30683 326 Bypass 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.
9 CVE-2022-30682 79 XSS 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
10 CVE-2022-30681 79 XSS 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
11 CVE-2022-30680 79 XSS 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
12 CVE-2022-30678 79 XSS 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
13 CVE-2022-30677 79 XSS 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
14 CVE-2022-28851 79 XSS 2022-09-30 2022-10-04
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
15 CVE-2021-44178 79 XSS 2022-01-13 2022-01-15
4.3
None Remote Medium Not required None Partial None
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser
16 CVE-2021-44177 79 XSS 2022-01-13 2022-01-14
4.3
None Remote Medium Not required None Partial None
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
17 CVE-2021-44176 79 XSS 2022-01-13 2022-01-14
4.3
None Remote Medium Not required None Partial None
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
18 CVE-2021-43765 79 XSS 2022-01-13 2022-01-14
4.3
None Remote Medium Not required None Partial None
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
19 CVE-2021-43764 79 XSS 2022-01-13 2022-01-14
3.5
None Remote Medium ??? None Partial None
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
20 CVE-2021-43762 20 Bypass 2022-01-13 2022-01-19
6.4
None Remote Low Not required Partial Partial None
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability.
21 CVE-2021-43761 79 XSS 2022-01-13 2022-01-19
3.5
None Remote Medium ??? None Partial None
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
22 CVE-2021-40722 611 2022-01-13 2022-01-19
7.5
None Remote Low Not required Partial Partial Partial
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.
23 CVE-2021-40714 79 XSS 2021-09-27 2022-02-05
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser
24 CVE-2021-40713 295 2021-09-27 2021-10-01
4.3
None Remote Medium Not required Partial None None
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information.
25 CVE-2021-40712 20 DoS 2021-09-27 2021-10-01
4.0
None Remote Low ??? None None Partial
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service.
26 CVE-2021-40711 79 Exec Code XSS 2021-09-27 2022-02-04
3.5
None Remote Medium ??? None Partial None
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
27 CVE-2021-28626 2021-08-24 2022-04-25
5.0
None Remote Low Not required None None Partial
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction.
28 CVE-2021-21084 79 XSS 2021-06-28 2021-07-02
4.3
None Remote Medium Not required None Partial None
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
29 CVE-2021-21083 2021-06-28 2022-10-21
5.0
None Remote Low Not required None None Partial
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user.
30 CVE-2020-24445 79 XSS 2020-12-10 2022-10-08
3.5
None Remote Medium ??? None Partial None
AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
31 CVE-2020-9743 79 XSS 2020-09-10 2021-09-14
4.3
None Remote Medium Not required None Partial None
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).
32 CVE-2020-9742 79 XSS 2020-09-10 2020-09-16
3.5
None Remote Medium ??? None Partial None
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
33 CVE-2020-9741 79 XSS 2020-09-10 2020-09-14
3.5
None Remote Medium ??? None Partial None
The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
34 CVE-2020-9740 79 XSS 2020-09-10 2020-09-14
3.5
None Remote Medium ??? None Partial None
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
35 CVE-2020-9738 79 XSS 2020-09-10 2020-09-14
3.5
None Remote Medium ??? None Partial None
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when visiting the page containing the vulnerable field.
36 CVE-2020-9737 79 XSS 2020-09-10 2020-09-17
3.5
None Remote Medium ??? None Partial None
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
37 CVE-2020-9736 79 XSS 2020-09-10 2020-09-14
3.5
None Remote Medium ??? None Partial None
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field.
38 CVE-2020-9735 79 XSS 2020-09-10 2020-09-14
3.5
None Remote Medium ??? None Partial None
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when search queries return the page containing the vulnerable field.
39 CVE-2020-9734 79 XSS 2020-09-10 2020-09-14
3.5
None Remote Medium ??? None Partial None
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
40 CVE-2020-9733 269 2020-09-10 2021-09-14
5.0
None Remote Low Not required Partial None None
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
41 CVE-2020-9732 79 XSS 2020-09-10 2020-09-11
6.0
None Remote Medium ??? Partial Partial Partial
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
42 CVE-2020-9651 79 XSS 2020-06-12 2020-06-15
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
43 CVE-2020-9648 79 XSS 2020-06-12 2020-06-15
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
44 CVE-2020-9647 79 XSS 2020-06-12 2020-06-15
4.3
None Remote Medium Not required None Partial None
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
45 CVE-2020-9645 918 2020-06-12 2020-06-15
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
46 CVE-2020-9644 79 XSS 2020-06-12 2020-06-15
3.5
None Remote Medium ??? None Partial None
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
47 CVE-2020-9643 918 2020-06-12 2020-06-15
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
48 CVE-2020-3769 918 2020-03-25 2020-03-27
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
49 CVE-2019-16469 917 2020-01-15 2020-08-24
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
50 CVE-2019-16468 200 +Info 2020-01-15 2021-07-21
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
Total number of vulnerabilities : 69   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.