CVE-2021-44178
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | Experience Manager | unspecified <= 6.5.10.0 | affected |
| Adobe | Experience Manager | unspecified <= None | affected |
Weaknesses
- CWE-79: Cross-site Scripting (Reflected XSS) (CWE-79)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.