CVE-2021-21084Cross-site Scripting in Adobe Experience Manager

CWE-79Cross-site Scripting2 documents2 sources
Severity
6.1MEDIUMNVD
EPSS
2.3%
top 15.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Experience Manager
Timeline
PublishedJun 28
Latest updateMay 24

Description

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDadobe/experience_manager6.4.0.06.4.8.4+2
CVEListV5adobe/experience_managerunspecified6.3.3.8

🔴Vulnerability Details

1
GHSA
GHSA-8q6h-697m-5v7r: AEM's Cloud Service offering, as well as versions 62022-05-24
CVE-2021-21084 — Cross-site Scripting in Adobe | cvebase