CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 0CVE-2016-4168
https://notcve.org/view.php?id=CVE-2016-4168
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Adobe Experience Manager 5.6.1, 6.0 y 6.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/92377 http://www.securitytracker.com/id/1036563 https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4169
https://notcve.org/view.php?id=CVE-2016-4169
Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. Adobe Experience Manager 6.0, 6.1 y 6.2 permiten a atacantes obtener información de eventos de registro de auditoría sensible a través de vectores no especificados. • http://www.securityfocus.com/bid/92382 http://www.securitytracker.com/id/1036563 https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4253
https://notcve.org/view.php?id=CVE-2016-4253
The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. La funcionalidad Backup en Adobe Experience Manager 5.6.1, 6.0, 6.1 y 6.2 permite a atacantes obtener información sensible a través de vectores no especificados. • http://www.securityfocus.com/bid/92380 http://www.securitytracker.com/id/1036563 https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 2%CPEs: 7EXPL: 1CVE-2016-0956 – Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure
https://notcve.org/view.php?id=CVE-2016-0956
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. El componente Servlets Post 2.3.6 en Apache Sling, como se utiliza en Adobe Experience Manager 5.6.1, 6.0.0 y 6.1.0, permite a atacantes remotos obtener información sensible a través de vectores no especificados. Apache Sling Framework version 2.3.6 suffers from an information disclosure vulnerability. • https://www.exploit-db.com/exploits/39435 http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html http://seclists.org/fulldisclosure/2016/Feb/48 http://www.securityfocus.com/archive/1/537498/100/0/threaded https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2016-0955
https://notcve.org/view.php?id=CVE-2016-0955
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. Vulnerabilidad de XSS en Adobe Experience Manager (AEM) 6.1.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo title de una carpeta que no es manejado correctamente en el dialogo de ventana emergente Deletion. • http://www.csnc.ch/misc/files/advisories/CVE-2016-0955_AEM-XSS.txt https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •