CVE-2024-41845 – Stored XSS in `libs/dam/gui/components/admin/collections/clientlibs/admin/js/collectionoperationsactivator.js`
https://notcve.org/view.php?id=CVE-2024-41845
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-41848 – AMS XSS - /libs/dam/gui/coral/components/admin/reports/viewreport/clientlibs/viewreport/js/viewreport.js (JS)
https://notcve.org/view.php?id=CVE-2024-41848
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-41843 – Stored XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/layout/actionfield.js`
https://notcve.org/view.php?id=CVE-2024-41843
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-41876 – AMS XSS - /libs/clientlibs/granite/richtext/externals/tests/resources/test/index.html (retest of 1969052 - not fixed)
https://notcve.org/view.php?id=CVE-2024-41876
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-41846 – AMS XSS - /libs/dam/gui/coral/components/admin/drm/licensefield/licensefield.jsp
https://notcve.org/view.php?id=CVE-2024-41846
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •