5.4
CVE-2024-41878
- EPSS 1.32%
- Veröffentlicht 23.08.2024 17:15:09
- Zuletzt bearbeitet 27.08.2024 14:46:24
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
LoginAdobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Experience Manager Version < 6.5.20.0
Adobe ≫ Experience Manager SwEditionaem_cloud_service Version < 2024.03
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.32% | 0.793 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@adobe.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.