CVE-2020-9647: XSS
First published: Fri Jun 12 2020(Updated: )
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Experience Manager | >=6.4<6.4.8.1 | |
| Adobe Experience Manager | >=6.5<6.5.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-9647?
CVE-2020-9647 is considered a medium severity vulnerability due to the potential for arbitrary JavaScript execution.
How do I fix CVE-2020-9647?
To fix CVE-2020-9647, update Adobe Experience Manager to version 6.5.5.1 or later, or apply the recommended security patches.
What types of attacks are possible with CVE-2020-9647?
CVE-2020-9647 allows attackers to execute arbitrary JavaScript in the user's browser, which can lead to session hijacking or other malicious actions.
Which versions of Adobe Experience Manager are affected by CVE-2020-9647?
CVE-2020-9647 affects Adobe Experience Manager versions 6.5 and earlier, specifically prior to version 6.5.5.1.
Is CVE-2020-9647 a persistent vulnerability?
No, CVE-2020-9647 is a DOM-based cross-site scripting vulnerability that requires user interaction to exploit.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- vendor/adobe
- canonical/adobe experience manager
- version/adobe experience manager/6.4
- version/adobe experience manager/6.5