CVE-2024-41841 – AMS XSS - /libs/cq/personalization/components/profileloader/content/load.js
https://notcve.org/view.php?id=CVE-2024-41841
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-41847 – Cloud Services - /libs/cq/contexthub/components/traits/generic-comparison/generic-comparison.jsp (retest 2132455 - not fixed)
https://notcve.org/view.php?id=CVE-2024-41847
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-41844 – Stored XSS in `libs/dam/gui/coral/components/admin/clientlibs/actions/js/download.js`
https://notcve.org/view.php?id=CVE-2024-41844
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-41849 – HTML Injection on `https://author-bugbounty-65-prod.adobecqms.net/`
https://notcve.org/view.php?id=CVE-2024-41849
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-20: Improper Input Validation •
CVE-2024-41875 – AMS XSS - /libs/dam/gui/components/admin/collections/clientlibs/admin/js/collectionoperationsactivator.js
https://notcve.org/view.php?id=CVE-2024-41875
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •