CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-4876
https://notcve.org/view.php?id=CVE-2018-4876
Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function. Las versiones 6.3, 6.2 y 6.1 de Adobe Experience Manager son vulnerables a Cross-Site Scripting (XSS) mediante una omisión de la función Sling XSSAPI#getValidHref. • http://www.securityfocus.com/bid/102990 http://www.securitytracker.com/id/1040365 https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-11296
https://notcve.org/view.php?id=CVE-2017-11296
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. Se ha descubierto un problema en Adobe Experience Manager 6.3, 6.2, 6.1 y 6.0. Se ha resuelto una vulnerabilidad de Cross-Site Scripting en Apache Sling Servlets Post 2.3.20 en Adobe Experience Manager. • http://www.securityfocus.com/bid/101844 http://www.securitytracker.com/id/1039800 https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-3109
https://notcve.org/view.php?id=CVE-2017-3109
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. Se ha descubierto un problema en Adobe Experience Manager 6.3, 6.2, 6.1 y 6.0. Adobe Experience Manager tiene una vulnerabilidad de Cross-Site Scripting reflejado en HtmlRendererServlet. • http://www.securityfocus.com/bid/101834 http://www.securitytracker.com/id/1039800 https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3111
https://notcve.org/view.php?id=CVE-2017-3111
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. Se ha descubierto un problema en Adobe Experience Manager 6.3, 6.2, 6.1 y 6.0. Los tokens sensibles se incluyen en peticiones http GET bajo ciertas circunstancias. • http://www.securityfocus.com/bid/101843 http://www.securitytracker.com/id/1039800 https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3107
https://notcve.org/view.php?id=CVE-2017-3107
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. Adobe Experience Manager 6.3 y anteriores tiene una vulnerabilidad de error de configuración. • http://www.securityfocus.com/bid/100188 http://www.securitytracker.com/id/1039099 https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •