CVE-2024-43750
published 2024-12-10CVE-2024-43750: Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | adobe_experience_manager | <= 6.5.21 | — |
| adobe | experience_manager | < 6.5.22.0 | 6.5.22.0 |
| adobe | experience_manager | < 2024.11.0 | 2024.11.0 |
GHSA
Liferay Portal Unvalidated File Upload
ghsa·2025-08-20
CVE-2025-43750 [MEDIUM] CWE-434 Liferay Portal Unvalidated File Upload
Liferay Portal Unvalidated File Upload
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote unauthenticated users (guests) to upload files via the form attachment field without proper validation, enabling extension obfuscation and bypassing MIME type checks.
GHSA
GHSA-cqhc-7j4w-vw82: Adobe Experience Manager versions 6
ghsa_unreviewed·2024-12-11
CVE-2024-43750 [MEDIUM] CWE-79 GHSA-cqhc-7j4w-vw82: Adobe Experience Manager versions 6
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-12-10
Published