CVE-2022-35697 — Cross-site Scripting in Adobe Experience Manager

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.4%

top 39.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager Adobe WEB Content Management Core Components

Timeline

PublishedAug 10

Latest updateAug 11

Description

Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDadobe/web_content_management_core_components2.20.6

▶CVEListV5adobe/experience_managerunspecified — 2.20.6

🔴Vulnerability Details

OSV

AEM WCM Core Components CVG Image vulnerable to Reflected Cross-site Scripting↗2022-08-11

▶

GHSA

AEM WCM Core Components CVG Image vulnerable to Reflected Cross-site Scripting↗2022-08-11

▶