CVE-2020-9735 — Cross-site Scripting in Adobe Experience Manager
Severity
4.8MEDIUMNVD
EPSS
2.1%
top 15.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 10
Latest updateMay 24
Description
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when search queries return the page containing the vulnerable field.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7