CVE-2021-21043Cross-site Scripting in Adobe Consulting Services Commons

CWE-79Cross-site ScriptingCWE-787Out-of-bounds Write5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
1.3%
top 20.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Experience ManagerAdobe Consulting Services Commons
Timeline
PublishedFeb 2
Latest updateMay 13

Description

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5adobe/experience_managerunspecified4.9.2

🔴Vulnerability Details

2
GHSA
Reflected Cross-site Scripting (XSS) in ACS Commons2021-05-13
OSV
Reflected Cross-site Scripting (XSS) in ACS Commons2021-05-13

💥Exploits & PoCs

1
Nuclei
WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection

🕵️Threat Intelligence

1
Qualys
Microsoft & Adobe Patch Tuesday (May 2021) – Qualys covers 85 Vulnerabilities, 26 Critical2021-05-11
CVE-2021-21043 — Cross-site Scripting in Adobe | cvebase