Latest Adobe Experience Manager Vulnerabilities

Reflected XSS in `libs/cq/gui/components/siteadmin/admin/createlanguagecopywizard/clientlibs/createlanguagecopy/js/createlanguagecopy.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS in forms via advanced CSS styles configuration, triggers when a user edits the styles
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS in `libs/cq/gui/components/projects/admin/translation/job/addcontent/clientlibs/js/addcontent.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Cloud XSS - /libs/wcm/core/content/sites/createsitefromstarterkitwizard.html
Adobe Experience Manager<=6.5.18
Adobe Experience Manager<2023.11.0
Stored XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/granite/toggleable/control.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Admin Account Takeover using Stored XSS
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Stored XSS in `/libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/granite/collection/create.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/formbuilder/formfields/v2/dropdownfield (encoded HTML attributes without quotes)
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Stored XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/collection/selectall/selectall.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Stored XSS on `https://author-bugbounty-65-prod.adobecqms.net/` via Adaptive form fragment `title` input and triggered at Create Language Copy
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Validate Your Inputs | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/cq/workflow/admin/console/components/clientlibs/js/action/workflow.editModel.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
AMS XSS - /libs/fd/foundation/gui/content/migration/status.html
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
AMS XSS - /libs/fd/af/layouts/panel/verticalTabbedPanelLayout/defaultNavigatorLayout.jsp
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Reflected XSS in libs/cq/gui/components/projects/admin/clientlibs/forms/js/form.response.openprompt.js
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/cq/personalization/touch-ui/clientlibs/activities/activities.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Stored XSS in libs/dam/gui/components/admin/collections/collectionsettings/clientlibs/collectionsettings/js/collectionsettings.js
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Stored XSS in libs/cq/gui/components/projects/admin/clientlibs/projects/js/projects.js via window.location
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `/libs/cq/gui/components/workflow/editor/clientlibs/workflow/init/js/init.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/granite/cloudsettings/components/clientlibs/js/edit.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `libs/clientlibs/social/enablement/core/jquery.buttonEnabler.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Servlet - /bin/wcm/contentfinder/asset/view?itemResourceType allows users to execute internal AEM code
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager
DOM XSS in `/libs/fd/fm/gui/components/admin/assetreview/startreviewwizard/clientlibs/startreviewwizard/js/startreviewwizard.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS in `libs/cq/gui/components/common/admin/navigationpanel/clientlibs/navigationpanel/js/activator.click.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `/libs/cq/gui/components/siteadmin/admin/properties/localacl/localacllistitem/clientlibs/js/permissions.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS in `/libs/cq/workflow/gui/components/inbox/actions/clientlibs/showdetails/showdetails.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Stored XSS at `https://author-bugbounty-65-prod.adobecqms.net/etc/cloudservices/testandtarget/*`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS at `https://author-bugbounty-65-prod.adobecqms.net/libs/fd/fm/base/content/moveasset/moveassetwizard.html/*`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
AMS XSS - /libs/fd/af/components/panel/panel.jsp (retest 6.5.18 - 1929840 not fixed)
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/dam/gui/components/s7dam/metadataprofiles/metadataschemas/clientlibs/metadataschemas/js/applyprofile.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
AMS XSS - /libs/fd/fp/components/actions/saveGuideDraft
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/cq/inbox/gui/components/inbox/taskmanagement/js/taskmanagement.js` (via doSubmit)
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `libs/cq/gui/components/projects/admin/reviewtd/clientlibs/js/compareAssets.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `/libs/fd/pdfg/admin/html.jsp`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/cq/gui/components/authoring/editors/clientlibs/core/js/actions/actions.viewInAdmin.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `libs/dam/gui/coral/components/admin/unpublish/clientlibs/unpublishasset/unpublishasset.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `libs/dam/gui/components/admin/cloudshare/clientlibs/ccsharepage/js/ccsharepage.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/dam/gui/coral/components/admin/publish/clientlibs/publishasset/publishasset.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `libs/cq/workflow/admin/console/components/launchers/clientlibs/js/launcher.create.submit.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS in `libs/cq/workflow/admin/console/components/clientlibs/js/form/form.js` via workflowconsole.redirect
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Multiple stored XSS in `libs/clientlibs/social/hbs/moderationfoundation/moderationfoundation.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Stored XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/granite/collection/switcher.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/dam/cfm/admin/clientlibs/admin/js/createFragment.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `libs/wcm/msm/gui/components/clientlibs/js/cellselection.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
AMS XSS - /libs/fd/af/components/guidecheckbox/widget.jsp (retest 6.5.18 - 2090066 new issue)
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager
Stored XSS in `libs/dam/gui/coral/components/admin/contentrenderer/column/columnpreview/clientlibs/columnpreview/js/columnpreview.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/foundation/components/form/actions/store/clientlibs/store.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Stored XSS at `https://author-bugbounty-65-prod.adobecqms.net/etc/cloudservices/sitecatalyst/*`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
AMS XSS - /libs/fd/af/layouts/mobile/common/navMenu.jsp
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `/libs/cq/gui/components/siteadmin/admin/listview/coral/columns/clientlibs/columns/js/customanalyticscolumns.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager

© 2024 SecAlerts Pty Ltd.