CVE-2024-36227 — Cross-site Scripting in Adobe Experience Manager

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

OSV9.8

EPSS

3.5%

top 12.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager Libarchive Adobe Experience Manager

Timeline

PublishedJun 13

Latest updateOct 16

Description

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDadobe/experience_manager< 6.5.21+1

▶CVEListV5adobe/adobe_experience_manager6.5.20

▶Ubuntulibarchive/libarchive< 3.4.0-2ubuntu1.3+5

🔴Vulnerability Details

OSV

libarchive vulnerabilities↗2024-10-16

▶

GHSA

GHSA-3w29-9x4p-299p: Adobe Experience Manager versions 6↗2024-06-13

▶