Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Experience_manager
(Adobe)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 674 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-12 | CVE-2020-9643 | Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | Experience_manager | 7.5 | ||
| 2020-06-12 | CVE-2020-9644 | Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | Experience_manager | 5.4 | ||
| 2020-06-12 | CVE-2020-9645 | Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | Experience_manager | 7.5 | ||
| 2020-06-12 | CVE-2020-9647 | Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | Experience_manager | 6.1 | ||
| 2020-06-12 | CVE-2020-9648 | Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | Experience_manager | 6.1 | ||
| 2020-06-12 | CVE-2020-9651 | Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | Experience_manager | 6.1 | ||
| 2020-09-10 | CVE-2020-9732 | The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | Experience_manager, Experience_manager_forms | 9.0 | ||
| 2020-09-10 | CVE-2020-9733 | An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository. | Experience_manager, Experience_manager_forms | 7.5 | ||
| 2020-09-10 | CVE-2020-9734 | The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | Experience_manager | 5.4 | ||
| 2020-09-10 | CVE-2020-9735 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when search queries return the page containing the vulnerable field. | Experience_manager | 4.8 |