CVE-2017-11296 — Cross-site Scripting in Adobe Experience Manager

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

6.1MEDIUMNVD

EPSS

1.5%

top 19.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager

Timeline

PublishedDec 9

Latest updateMay 17

Description

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDadobe/experience_manager4 versions+3

🔴Vulnerability Details

GHSA

GHSA-jgr2-v3pc-364p: An issue was discovered in Adobe Experience Manager 6↗2022-05-17

▶