Skip to main content

Experience Manager

947 CVEs product

Monthly

CVE-2019-8085 MEDIUM This Month

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-8084 MEDIUM This Month

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-8083 MEDIUM This Month

Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-8082 HIGH This Week

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-8081 HIGH This Week

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-8080 MEDIUM This Month

Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-8079 MEDIUM This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-8078 MEDIUM This Month

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-7964 CRITICAL Act Now

Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Adobe Experience Manager
NVD
CVSS 3.0
9.8
EPSS
10.2%
CVE-2019-7955 MEDIUM This Month

Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-7954 MEDIUM This Month

Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2019-7953 MEDIUM This Month

Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe CSRF Experience Manager
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-15973 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-15972 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-15971 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-15970 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-15969 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-5005 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
3.9%
CVE-2018-12807 MEDIUM This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.0
5.3
EPSS
4.9%
CVE-2018-12806 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
3.9%
CVE-2018-5006 HIGH This Week

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe SSRF Information Disclosure Experience Manager
NVD
CVSS 3.0
7.5
EPSS
53.8%
CVE-2018-5004 HIGH PATCH This Week

Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Adobe SSRF Information Disclosure Experience Manager
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2018-12809 HIGH This Week

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe SSRF Information Disclosure Experience Manager
NVD
CVSS 3.0
7.5
EPSS
4.9%
CVE-2018-4931 MEDIUM This Month

Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-4930 MEDIUM This Month

Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-4929 MEDIUM This Month

Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-4876 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
3.9%
CVE-2018-4875 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
2.9%
CVE-2017-3111 HIGH This Week

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Experience Manager
NVD
CVSS 3.0
7.5
EPSS
9.6%
CVE-2017-3109 MEDIUM This Month

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2017-11296 MEDIUM This Month

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Apache Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2017-3110 HIGH PATCH This Week

Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Experience Manager
NVD
CVSS 3.0
7.5
EPSS
9.6%
CVE-2017-3108 CRITICAL PATCH Act Now

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2%.

Adobe File Upload Experience Manager
NVD
CVSS 3.0
9.8
EPSS
10.2%
CVE-2017-3107 HIGH PATCH This Week

Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Experience Manager
NVD
CVSS 3.0
7.5
EPSS
9.6%
CVE-2016-7885 HIGH PATCH This Week

Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Adobe CSRF Experience Manager
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-7884 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-7883 MEDIUM PATCH This Month

Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-7882 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-6933 MEDIUM PATCH This Month

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager Livecycle
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2016-4253 MEDIUM PATCH This Month

The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Experience Manager
NVD
CVSS 3.0
5.3
EPSS
2.7%
CVE-2016-4170 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-4169 MEDIUM PATCH This Month

Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Experience Manager
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2016-4168 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-0958 HIGH PATCH This Week

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Java Experience Manager
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-0957 HIGH POC PATCH THREAT Act Now

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.2%.

Adobe Authentication Bypass Dispatcher Experience Manager
NVD
CVSS 3.0
7.5
EPSS
93.2%
Threat
5.8
CVE-2016-0956 Maven HIGH POC PATCH THREAT Act Now

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Adobe Information Disclosure Apache Sling Experience Manager
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.3%
CVE-2016-0955 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
EPSS 1% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Adobe +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Adobe +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation Adobe +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe +1
NVD
EPSS 10% CVSS 9.8
CRITICAL Act Now

Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Adobe +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe +1
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe CSRF +1
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe +1
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe +1
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe +1
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe +1
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe +1
NVD
EPSS 4% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe +1
NVD
EPSS 5% CVSS 5.3
MEDIUM This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
EPSS 4% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe +1
NVD
EPSS 54% CVSS 7.5
HIGH This Week

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe SSRF Information Disclosure +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Adobe SSRF Information Disclosure +1
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe SSRF Information Disclosure +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe +1
NVD
EPSS 4% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
EPSS 3% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
EPSS 10% CVSS 7.5
HIGH This Week

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Experience Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Apache +1
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Experience Manager
NVD
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2%.

Adobe File Upload Experience Manager
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Experience Manager
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Adobe CSRF Experience Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager +1
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Experience Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Experience Manager
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Experience Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Experience Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Java +1
NVD
EPSS 93% 5.8 CVSS 7.5
HIGH POC PATCH THREAT Act Now

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.2%.

Adobe Authentication Bypass Dispatcher +1
NVD
EPSS 13% CVSS 7.5
HIGH POC PATCH THREAT Act Now

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Adobe Information Disclosure Apache +2
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Experience Manager
NVD
Prev Page 11 of 11

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy