CVE-2016-7884Cross-site Scripting in Adobe Experience Manager

CWE-79Cross-site Scripting2 documents2 sources
Severity
6.1MEDIUMNVD
EPSS
1.3%
top 20.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Experience Manager
Timeline
PublishedDec 15
Latest updateMay 17

Description

Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-c99j-frq3-gxpr: Adobe Experience Manager versions 62022-05-17
CVE-2016-7884 — Cross-site Scripting in Adobe | cvebase