CVE-2021-40711
Adobe Experience Manager Stored Cross-Site Scripting Could Lead to Arbitrary Code Execution
Public Exploits: 0
Exploited in Wild: -
Descriptions
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Timeline
- 2021-09-08 CVE Reserved
- 2021-09-27 CVE Published
- 2023-04-20 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (1)
URL | Date | SRC |
---|---|---|
https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html | 2022-02-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Adobe | Experience Manager | <= 6.5.9.0 | - | Affected |