CVE-2024-36228

Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability.

Las versiones 6.5.20 y anteriores de Adobe Experience Manager Respuesta: se ven afectadas por una vulnerabilidad de cross-site scripting (XSS) basada en DOM. Esta vulnerabilidad podría permitir a un atacante ejecutar código JavaScript arbitrario en el contexto de la sesión del navegador de la víctima. La explotación de este problema requiere la interacción del usuario, como convencer a la víctima de que haga clic en un enlace especialmente manipulado o que envíe un formulario que desencadene la vulnerabilidad.

*Credits: N/A

CVSS Scores

NISTv3.1 5.4

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-06-13 CVE Published
2024-06-18 EPSS Updated
2024-10-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html	2024-06-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Adobe Search vendor "Adobe"		Experience Manager Search vendor "Adobe" for product "Experience Manager"				< 6.5.21 Search vendor "Adobe" for product "Experience Manager" and version " < 6.5.21"		-		Affected
Adobe Search vendor "Adobe"		Experience Manager Search vendor "Adobe" for product "Experience Manager"				< 2024.5 Search vendor "Adobe" for product "Experience Manager" and version " < 2024.5"		aem_cloud_service		Affected