CVE-2024-26126
HTML Injection at `https://author-bugbounty-65-prod.adobecqms.net/libs/cq/tagging/gui/content/tags/mergetag.html/*`
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
Las versiones 6.5.20 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de validación de entrada incorrecta que podría provocar una omisión de la función de seguridad. Un atacante con pocos privilegios podría aprovechar esta vulnerabilidad para eludir las medidas de seguridad y afectar la integridad de la página. La explotación de este problema requiere la interacción del usuario.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-02-14 CVE Reserved
- 2024-06-13 CVE Published
- 2024-06-21 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html | 2024-06-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Experience Manager Search vendor "Adobe" for product "Experience Manager" | < 6.5.21 Search vendor "Adobe" for product "Experience Manager" and version " < 6.5.21" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Experience Manager Search vendor "Adobe" for product "Experience Manager" | < 2024.5 Search vendor "Adobe" for product "Experience Manager" and version " < 2024.5" | aem_cloud_service |
Affected
| ||||||