// For flags

CVE-2023-48608

HTML Injection at `https://author-bugbounty-65-prod.adobecqms.net/libs/launches/content/launches.html`

Severity Score

3.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction.

Las versiones 6.5.18 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de validación de entrada incorrecta. Un atacante con pocos privilegios podría aprovechar esta vulnerabilidad para lograr un impacto de baja integridad dentro de la aplicación. La explotación de este problema requiere la interacción del usuario.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-11-16 CVE Reserved
  • 2023-12-15 CVE Published
  • 2023-12-16 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
 Experience Manager
Search vendor "Adobe" for product "Experience Manager"
 <= 6.5.18
Search vendor "Adobe" for product "Experience Manager" and version " <= 6.5.18"
-
Affected
Adobe
Search vendor "Adobe"
 Experience Manager
Search vendor "Adobe" for product "Experience Manager"
-cloud_service
Affected