CVE-2017-3109 — Cross-site Scripting in Adobe Experience Manager

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

6.1MEDIUMNVD

EPSS

1.5%

top 19.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager

Timeline

PublishedDec 9

Latest updateMay 17

Description

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDadobe/experience_manager4 versions+3

🔴Vulnerability Details

GHSA

GHSA-pg3g-3r65-463m: An issue was discovered in Adobe Experience Manager 6↗2022-05-17

▶