6.8
CVE-2020-9736
- EPSS 2.09%
- Veröffentlicht 10.09.2020 17:15:40
- Zuletzt bearbeitet 21.11.2024 05:41:11
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
LoginAEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Experience Manager Version >= 6.3.0.0 <= 6.3.3.8
Adobe ≫ Experience Manager Version >= 6.4.0.0 <= 6.4.8.1
Adobe ≫ Experience Manager Version >= 6.5.0.0 <= 6.5.5.0
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp1
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp10
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp11
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp12.1
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp13
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp14
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp15
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp16
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp17
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp18
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp19
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp2
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp20
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp3
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp4
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp5
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp6
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp7
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp8
Adobe ≫ Experience Manager Version6.2.0.0 Updatesp1-cfp9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.09% | 0.835 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
| psirt@adobe.com | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.