CVE-2020-9742 — Cross-site Scripting in Adobe Experience Manager
Severity
5.4MEDIUMNVD
EPSS
0.9%
top 24.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 10
Latest updateMay 24
Description
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7