CVSS: 5.5EPSS: 1%CPEs: 2EXPL: 0CVE-2023-22253 – AEM Reflected XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-22253
22 Mar 2023 — Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb23-18.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 1%CPEs: 2EXPL: 0CVE-2023-22252 – AEM Reflected XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-22252
22 Mar 2023 — Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb23-18.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22260 – AEM URL Redirection to Untrusted Site Security feature bypass
https://notcve.org/view.php?id=CVE-2023-22260
22 Mar 2023 — Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. • https://helpx.adobe.com/security/products/experience-manager/apsb23-18.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22261 – AEM URL Redirection to Untrusted Site Security feature bypass
https://notcve.org/view.php?id=CVE-2023-22261
22 Mar 2023 — Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. • https://helpx.adobe.com/security/products/experience-manager/apsb23-18.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22262 – AEM URL Redirection to Untrusted Site Security feature bypass
https://notcve.org/view.php?id=CVE-2023-22262
22 Mar 2023 — Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. • https://helpx.adobe.com/security/products/experience-manager/apsb23-18.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22271 – AEM Weak Cryptography for Passwords Security feature bypass
https://notcve.org/view.php?id=CVE-2023-22271
22 Mar 2023 — Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitation requires to already have in possession this encrypted secret. • https://helpx.adobe.com/security/products/experience-manager/apsb23-18.html • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •
CVSS: 5.5EPSS: 2%CPEs: 2EXPL: 0CVE-2022-44510 – AEM Reflected XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-44510
22 Dec 2022 — Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Adobe Experience Manager versión 6.5.14 (y anteriores) se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) reflejado. Si un atacante con pocos privilegios puede convencer a una víc... • https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 2%CPEs: 2EXPL: 0CVE-2022-44471 – AEM Reflected XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-44471
19 Dec 2022 — Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Adobe Experience Manager versión 6.5.14 (y anteriores) se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado. Si un atacante con pocos privilegios puede convencer a una víc... • https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 2%CPEs: 2EXPL: 0CVE-2022-44463 – AEM Reflected XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-44463
19 Dec 2022 — Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Adobe Experience Manager versión 6.5.14 (y anteriores) se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado. Si un atacante con pocos privilegios puede convencer a una víc... • https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 2%CPEs: 2EXPL: 0CVE-2022-44470 – AEM Reflected XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-44470
19 Dec 2022 — Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Adobe Experience Manager versión 6.5.14 (y anteriores) se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado. Si un atacante con pocos privilegios puede convencer a una víc... • https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •