CVE-2021-44178 — Cross-site Scripting in Adobe Experience Manager

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

6.1MEDIUMNVD

EPSS

2.8%

top 13.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager

Timeline

PublishedJan 13

Latest updateJan 14

Description

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5adobe/experience_managerunspecified — 6.5.10.0

▶NVDadobe/experience_manager6.5.10.0

🔴Vulnerability Details

GHSA

GHSA-7h26-w6fr-rpvf: AEM's Cloud Service offering, as well as version 6↗2022-01-14

▶