CVE-2020-9743
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | Experience Manager | unspecified <= 6.5.5.0 | affected |
| Adobe | Experience Manager | unspecified <= 6.4.8.1 | affected |
| Adobe | Experience Manager | unspecified <= 6.3.3.8 | affected |
| Adobe | Experience Manager | unspecified <= 6.2 SP1-CFP20 | affected |
Weaknesses
- CWE-20: Improper Input Validation (CWE-20)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.