Adobe Experience Manager vulnerabilities

1,088 known vulnerabilities affecting adobe/experience_manager.

Total CVEs: 1,088
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 27, MEDIUM 1042, LOW 8

Vulnerabilities

Page 55 of 55
CVE-2016-4170 | MEDIUM | CVSS 6.1 | v5.6.1, v6.0.0 +2 more | 2016-08-09
CVE-2016-4170 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2016-4169 | MEDIUM | CVSS 5.3 | v6.0.0, v6.1.0 +1 more | 2016-08-09
CVE-2016-4169 [MEDIUM] CWE-200: Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.
Source: nvd
CVE-2016-4253 | MEDIUM | CVSS 5.3 | v5.6.1, v6.0.0 +2 more | 2016-08-09
CVE-2016-4253 [MEDIUM] CWE-200: The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors.
Source: nvd
CVE-2016-4168 | MEDIUM | CVSS 6.1 | v5.6.1, v6.0.0 +1 more | 2016-08-09
CVE-2016-4168 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2016-0958 | HIGH | CVSS 7.5 | v5.6.1, v6.0.0 +1 more | 2016-02-10
CVE-2016-0958 [HIGH] CWE-200: Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.
Source: nvd
CVE-2016-0956 | HIGH | CVSS 7.5 | PoC | v5.6.1, v6.0.0 +1 more | 2016-02-10
CVE-2016-0956 [HIGH] CWE-200: The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
Source: nvd
CVE-2016-0957 | HIGH | CVSS 7.5 | PoC | v5.6.1, v6.0.0 +1 more | 2016-02-10
CVE-2016-0957 [HIGH]: Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
Source: nvd
CVE-2016-0955 | MEDIUM | CVSS 6.1 | v6.1.0 | 2016-02-10
CVE-2016-0955 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.
Source: nvd