CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-4876
https://notcve.org/view.php?id=CVE-2018-4876
Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function. Las versiones 6.3, 6.2 y 6.1 de Adobe Experience Manager son vulnerables a Cross-Site Scripting (XSS) mediante una omisión de la función Sling XSSAPI#getValidHref. • http://www.securityfocus.com/bid/102990 http://www.securitytracker.com/id/1040365 https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4875
https://notcve.org/view.php?id=CVE-2018-4875
Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM. Las versiones 6.1 y 6.0 de Adobe Experience Manager son vulnerables a Cross-Site Scripting (XSS) reflejado relacionado con la gestión de contenido malicioso embebido en archivos de imagen subidos al DAM. • http://www.securityfocus.com/bid/102991 http://www.securitytracker.com/id/1040365 https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-11296
https://notcve.org/view.php?id=CVE-2017-11296
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. Se ha descubierto un problema en Adobe Experience Manager 6.3, 6.2, 6.1 y 6.0. Se ha resuelto una vulnerabilidad de Cross-Site Scripting en Apache Sling Servlets Post 2.3.20 en Adobe Experience Manager. • http://www.securityfocus.com/bid/101844 http://www.securitytracker.com/id/1039800 https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-3109
https://notcve.org/view.php?id=CVE-2017-3109
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. Se ha descubierto un problema en Adobe Experience Manager 6.3, 6.2, 6.1 y 6.0. Adobe Experience Manager tiene una vulnerabilidad de Cross-Site Scripting reflejado en HtmlRendererServlet. • http://www.securityfocus.com/bid/101834 http://www.securitytracker.com/id/1039800 https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3111
https://notcve.org/view.php?id=CVE-2017-3111
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. Se ha descubierto un problema en Adobe Experience Manager 6.3, 6.2, 6.1 y 6.0. Los tokens sensibles se incluyen en peticiones http GET bajo ciertas circunstancias. • http://www.securityfocus.com/bid/101843 http://www.securitytracker.com/id/1039800 https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •