CVE-2024-43749
published 2024-12-10CVE-2024-43749: Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | adobe_experience_manager | <= 6.5.21 | — |
| adobe | experience_manager | < 6.5.22.0 | 6.5.22.0 |
| adobe | experience_manager | < 2024.11.0 | 2024.11.0 |
GHSA
Liferay Portal Unauthenticated File Access via URL
ghsa·2025-08-20
CVE-2025-43749 [MEDIUM] CWE-552 Liferay Portal Unauthenticated File Access via URL
Liferay Portal Unauthenticated File Access via URL
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded in the form and stored in document_library.
GHSA
GHSA-mr34-4h4c-8xmv: Adobe Experience Manager versions 6
ghsa_unreviewed·2024-12-11
CVE-2024-43749 [MEDIUM] CWE-79 GHSA-mr34-4h4c-8xmv: Adobe Experience Manager versions 6
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-12-10
Published