CVE-2020-9743 — Improper Input Validation in Adobe Experience Manager
Severity
6.1MEDIUMNVD
EPSS
3.3%
top 12.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 10
Latest updateMay 24
Description
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7