Adobe Experience Manager Cloud Service vulnerabilities

CVE-2023-21615 [MEDIUM] CWE-79 CVE-2023-21615: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-21616 [MEDIUM] CWE-79 CVE-2023-21616: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-22261 [MEDIUM] CWE-601 CVE-2023-22261: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2023-22259 [MEDIUM] CWE-601 CVE-2023-22259: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2023-22260 [MEDIUM] CWE-601 CVE-2023-22260: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2023-22253 [MEDIUM] CWE-79 CVE-2023-22253: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-22262 [MEDIUM] CWE-601 CVE-2023-22262: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2023-22258 [MEDIUM] CWE-601 CVE-2023-22258: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2023-22264 [MEDIUM] CWE-601 CVE-2023-22264: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2023-22252 [MEDIUM] CWE-79 CVE-2023-22252: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-22269 [MEDIUM] CWE-79 CVE-2023-22269: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-22271 [MEDIUM] CWE-261 CVE-2023-22271: Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitation requires to already have in possession this encr

CVE-2023-22266 [MEDIUM] CWE-601 CVE-2023-22266: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2023-22263 [MEDIUM] CWE-601 CVE-2023-22263: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2023-22254 [MEDIUM] CWE-79 CVE-2023-22254: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2023-22256 [MEDIUM] CWE-601 CVE-2023-22256: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Si Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2022-44510 [MEDIUM] CWE-79 CVE-2022-44510: Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scriptin Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2022-42365 [MEDIUM] CWE-79 CVE-2022-42365: Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scriptin Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2022-42352 [MEDIUM] CWE-79 CVE-2022-42352: Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scriptin Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2022-44463 [MEDIUM] CWE-79 CVE-2022-44463: Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scriptin Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.