Adobe Experience Manager vulnerabilities

CVE-2023-48544 [MEDIUM] CWE-79 CVE-2023-48544: Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2023-48525 [MEDIUM] CWE-79 CVE-2023-48525: Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-bas Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-48608 [LOW] CWE-20 CVE-2023-48608: Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vu Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction.

CVE-2023-38215 [MEDIUM] CWE-79 CVE-2023-38215: Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scriptin Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-38214 [MEDIUM] CWE-79 CVE-2023-38214: Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scriptin Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-29322 [MEDIUM] CWE-79 CVE-2023-29322: Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scrip Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-29304 [MEDIUM] CWE-79 CVE-2023-29304: Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scrip Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-29302 [MEDIUM] CWE-79 CVE-2023-29302: Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scrip Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-21615 [MEDIUM] CWE-79 CVE-2023-21615: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-21616 [MEDIUM] CWE-79 CVE-2023-21616: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2020-9645 [HIGH] CWE-918 CVE-2020-9645: Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vu Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2020-9643 [HIGH] CWE-918 CVE-2020-9643: Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerab Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2020-9651 [MEDIUM] CWE-79 CVE-2020-9651: Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerabil Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

CVE-2020-9647 [MEDIUM] CWE-79 CVE-2020-9647: Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerabil Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

CVE-2020-9648 [MEDIUM] CWE-79 CVE-2020-9648: Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Success Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

CVE-2020-9644 [MEDIUM] CWE-79 CVE-2020-9644: Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

CVE-2020-3769 [HIGH] CWE-918 CVE-2020-3769: Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerab Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2020-3741 [HIGH] CWE-400 CVE-2020-3741: Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerabili Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service.

CVE-2019-16469 [HIGH] CWE-917 CVE-2019-16469: Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injec Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2019-16468 [HIGH] CWE-74 CVE-2019-16468: Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure.