CVE-2022-30678 — Cross-site Scripting in Adobe Experience Manager

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

5.4MEDIUMNVD

EPSS

1.3%

top 20.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager

Timeline

PublishedSep 16

Latest updateSep 17

Description

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5adobe/experience_managerunspecified — 6.5.13.0

▶NVDadobe/experience_manager6.5.13.0

🔴Vulnerability Details

GHSA

GHSA-8f2m-jqf8-q7r7: Adobe Experience Manager versions 6↗2022-09-17

▶