Adobe Experience Manager Cloud Service vulnerabilities

CVE-2023-48449 [MEDIUM] CWE-79 CVE-2023-48449: Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-bas Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-48486 [MEDIUM] CWE-79 CVE-2023-48486: Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-bas Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-48539 [MEDIUM] CWE-79 CVE-2023-48539: Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-bas Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-48489 [MEDIUM] CWE-79 CVE-2023-48489: Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-bas Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-48459 [MEDIUM] CWE-79 CVE-2023-48459: Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-bas Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-48549 [MEDIUM] CWE-79 CVE-2023-48549: Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2023-48532 [MEDIUM] CWE-79 CVE-2023-48532: Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-bas Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-48446 [MEDIUM] CWE-79 CVE-2023-48446: Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-bas Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-48450 [MEDIUM] CWE-79 CVE-2023-48450: Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-bas Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-48526 [MEDIUM] CWE-79 CVE-2023-48526: Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scriptin Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-48551 [MEDIUM] CWE-79 CVE-2023-48551: Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2023-48544 [MEDIUM] CWE-79 CVE-2023-48544: Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2023-48525 [MEDIUM] CWE-79 CVE-2023-48525: Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-bas Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-38215 [MEDIUM] CWE-79 CVE-2023-38215: Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scriptin Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-29322 [MEDIUM] CWE-79 CVE-2023-29322: Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scrip Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-29304 [MEDIUM] CWE-79 CVE-2023-29304: Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scrip Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-29302 [MEDIUM] CWE-79 CVE-2023-29302: Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scrip Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-29307 [MEDIUM] CWE-601 CVE-2023-29307: Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrust Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2023-22265 [MEDIUM] CWE-601 CVE-2023-22265: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2023-22257 [MEDIUM] CWE-601 CVE-2023-22257: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.