CVE-2024-26089
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, as the victim needs to visit a web page with a maliciously crafted script.
Las versiones 6.5.20 y anteriores de Adobe Experience Manager Respuesta: se ven afectadas por una vulnerabilidad de cross-site scripting (XSS) basada en DOM. Esta vulnerabilidad podría permitir a un atacante ejecutar código JavaScript arbitrario en el contexto de la sesión del navegador de la víctima. La explotación de este problema requiere la interacción del usuario, ya que la víctima necesita visitar una página web con un script creado con fines malintencionados.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-14 CVE Reserved
- 2024-06-13 CVE Published
- 2024-07-15 EPSS Updated
- 2024-10-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | 2024-06-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Experience Manager Search vendor "Adobe" for product "Experience Manager" | < 6.5.21 Search vendor "Adobe" for product "Experience Manager" and version " < 6.5.21" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Experience Manager Search vendor "Adobe" for product "Experience Manager" | < 2024.5 Search vendor "Adobe" for product "Experience Manager" and version " < 2024.5" | aem_cloud_service |
Affected
| ||||||