Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Adobe Subscribe
Filtered by product Experience Manager
Total 144 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35664 1 Adobe 1 Experience Manager 2022-09-20 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30686 1 Adobe 1 Experience Manager 2022-09-20 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30685 1 Adobe 1 Experience Manager 2022-09-20 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30684 1 Adobe 1 Experience Manager 2022-09-20 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30683 1 Adobe 1 Experience Manager 2022-09-20 N/A 5.3 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30682 1 Adobe 1 Experience Manager 2022-09-20 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30680 1 Adobe 1 Experience Manager 2022-09-20 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30681 1 Adobe 1 Experience Manager 2022-09-20 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30677 1 Adobe 1 Experience Manager 2022-09-20 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30678 1 Adobe 1 Experience Manager 2022-09-20 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2021-28626 1 Adobe 1 Experience Manager 2022-04-25 5.0 MEDIUM 7.5 HIGH
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction.
CVE-2021-40714 1 Adobe 1 Experience Manager 2022-02-04 4.3 MEDIUM 6.1 MEDIUM
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser
CVE-2021-40711 1 Adobe 1 Experience Manager 2022-02-04 3.5 LOW 5.4 MEDIUM
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2021-43762 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2022-01-19 6.4 MEDIUM 6.5 MEDIUM
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability.
CVE-2021-43761 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2022-01-19 3.5 LOW 5.4 MEDIUM
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2021-40722 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2022-01-19 7.5 HIGH 9.8 CRITICAL
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.
CVE-2021-44178 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2022-01-14 4.3 MEDIUM 6.1 MEDIUM
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser
CVE-2021-43764 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2022-01-14 3.5 LOW 5.4 MEDIUM
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2021-43765 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2022-01-14 4.3 MEDIUM 6.1 MEDIUM
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2021-44176 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2022-01-14 4.3 MEDIUM 6.1 MEDIUM
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.