CVE-2024-43731
published 2024-12-10CVE-2024-43731: Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | adobe_experience_manager | <= 6.5.21 | — |
| adobe | experience_manager | < 6.5.22.0 | 6.5.22.0 |
| adobe | experience_manager | < 2024.11.0 | 2024.11.0 |
GHSA
Liferay Portal Vulnerable to Cross-Site Scripting
ghsa·2025-08-18
CVE-2025-43731 [MEDIUM] CWE-79 Liferay Portal Vulnerable to Cross-Site Scripting
Liferay Portal Vulnerable to Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows an remote authenticated user to inject JavaScript in message board threads and categories.
GHSA
GHSA-2q92-jq5r-m2x3: Adobe Experience Manager versions 6
ghsa_unreviewed·2024-12-11
CVE-2024-43731 [MEDIUM] CWE-285 GHSA-2q92-jq5r-m2x3: Adobe Experience Manager versions 6
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-12-10
Published