CVE-2022-28851 An XSS vulnerability exists in Adobe Experience Manager versions 6.5.13 and earlier.
All Adobe Experience Manager versions prior to 6.5.13.0 are affected by an XSS flaw due to failed XSS filter validation. This issue exists in the default instance of the AEM application. All AEM installations on Windows and on Mac are affected. In order to exploit this issue, an attacker must be able to persuade a victim to visit a maliciously crafted URL. An attacker may leverage this vulnerability to steal cookie-based authentication credentials, view personal information, conduct phishing campaigns, or manipulate data.
Vulnerability overview
A cross-site scripting issue exists in the default instance of Adobe Experience Manager.
This vulnerability requires an attacker to persuade a victim to visit a maliciously crafted URL. All Adobe Experience Manager installations on Windows and on Mac are affected by an XSS flaw due to failed XSS filter validation.
Adobe Experience Manager is a web-based tool that allows organizations to manage their digital experiences. It includes features such as user management, ecommerce, and social media integration.
The vulnerability exists in the AEM HTML API, which is used by third-party developers to integrate the application into their websites.
A successful exploit of this vulnerability could allow an attacker to gain unauthorized access to the AEM administrative console, view personal information, conduct phishing campaigns, or manipulate data.
Timeline
Published on: 09/30/2022 17:15:00 UTC
Last modified on: 10/04/2022 18:22:00 UTC