Stored XSS in AEM Design Importer Component

Stammdaten

Kritikalität
CVE ID
CVE-2020-9740
Aktualisiert am:
2024-08-04T10:43:04.935Z
Veröffentlicht am:
2020-09-08T00:00:00
 

Betroffene Produkte

Hersteller:
Adobe
Produkt(e):
Experience Manager
Betroffene Version:
unspecified, unspecified, unspecified, unspecified
 

Beschreibung

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
 

Referenzen

 

NIST-Link:


Copyright © 2024 · All Rights Reserved · https://www.tecxero.com | Impressum