Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html | Patch Vendor Advisory |
http://www.csnc.ch/misc/files/advisories/CVE-2016-0955_AEM-XSS.txt |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2016-02-10 12:59
Updated : 2016-03-22 17:57
NVD link : CVE-2016-0955
Mitre link : CVE-2016-0955
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
apple
- mac_os_x
microsoft
- windows
adobe
- experience_manager
linux
- linux_kernel