CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40714 – Adobe Experience Manager Reflected Cross Site Scripting via accesskey parameter
https://notcve.org/view.php?id=CVE-2021-40714
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser Adobe Experience Manager versiones 6.5.9.0 (y anteriores), está afectada por una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado por medio del parámetro accesskey. Si un atacante es capaz de convencer a una víctima de visitar una URL que haga referencia a una página vulnerable, puede ser ejecutado contenido JavaScript malicioso en el contexto del navegador de la víctima • https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40713 – Adobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle Attack
https://notcve.org/view.php?id=CVE-2021-40713
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information. Adobe Experience Manager versiones 6.5.9.0 (y anteriores), está afectada por una vulnerabilidad de comprobación de certificados inapropiada en el componente cold storage. Si un atacante puede lograr un ataque de tipo man in the middle cuando el servidor frío establece un nuevo certificado, podría ser capaz de cosechar información confidencial • https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html • CWE-295: Improper Certificate Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40711 – Adobe Experience Manager Stored Cross-Site Scripting Could Lead to Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2021-40711
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Adobe Experience Manager versiones 6.5.9.0 (y anteriores) se ve afectada por una vulnerabilidad de XSS almacenada al crear fragmentos de contenido. Un atacante autenticado puede enviar una solicitud POST malformada para lograr la ejecución de código arbitrario. • https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28627 – Adobe Experience Manager Server-side Request Forgery could lead to Security feature bypass
https://notcve.org/view.php?id=CVE-2021-28627
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction. Adobe Experience Manager Cloud Service offering, así como las versiones 6.5.8.0 (y por debajo) están afectadas por una vulnerabilidad de tipo Server-side Request Forgery. Un atacante autenticado podría aprovechar esta vulnerabilidad para ponerse en contacto con los sistemas bloqueados por el despachador. • https://helpx.adobe.com/security/products/experience-manager/apsb21-39.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28628 – Adobe Experience Manager Cross-site Scripting vulnerability in inbox render.jsp
https://notcve.org/view.php?id=CVE-2021-28628
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Adobe Experience Manager Cloud Service offering, así como las versiones 6.5.8.0 (y por debajo) están afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS) que podría ser abusada por un atacante para inyectar scripts maliciosas en los campos de formulario vulnerables. El JavaScript malicioso podría ejecutarse en el navegador de la víctima cuando ésta navega a la página que contiene el campo vulnerable. • https://helpx.adobe.com/security/products/experience-manager/apsb21-39.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •