CVE-2024-43748
published 2024-12-10CVE-2024-43748: Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | adobe_experience_manager | <= 6.5.21 | — |
| adobe | experience_manager | < 6.5.22.0 | 6.5.22.0 |
| adobe | experience_manager | < 2024.11.0 | 2024.11.0 |
GHSA
Liferay Portal Vulnerable to Cross-Site Request Forgery
ghsa·2025-08-20
CVE-2025-43748 [HIGH] CWE-352 Liferay Portal Vulnerable to Cross-Site Request Forgery
Liferay Portal Vulnerable to Cross-Site Request Forgery
Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery
GHSA
GHSA-gh4w-fg3h-m87w: Adobe Experience Manager versions 6
ghsa_unreviewed·2024-12-11
CVE-2024-43748 [MEDIUM] CWE-79 GHSA-gh4w-fg3h-m87w: Adobe Experience Manager versions 6
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-12-10
Published