First published: Tue Sep 08 2020
AEM Forms add-on versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when the victim opens the page containing the vulnerable field.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Experience Manager | <=6.2.1.20 | |
Adobe Experience Manager | >=6.3.0.0, <=6.3.3.8 | |
Adobe Experience Manager | >=6.4.0.0, <=6.4.8.1 | |
Adobe Experience Manager | >=6.5.0.0, <=6.5.5.0 | |
Adobe Experience Manager Forms Add-on | =6.4.8.1 | |
Adobe Experience Manager Forms Add-on | =6.5.5.0 | |
CVE-2020-9732 has a CVSS score indicating high severity due to its potential for stored XSS attacks.
To fix CVE-2020-9732, upgrade to Adobe Experience Manager versions above 6.5.5.0 or 6.4.8.2.
CVE-2020-9732 affects users with 'Author' privileges in Adobe Experience Manager Forms versions 6.5.5.0 and below and 6.4.8.2 and below.
CVE-2020-9732 allows for stored XSS attacks where malicious scripts can be executed in the context of the victim's browser.
Adobe Experience Manager versions 6.5.5.0 and below, and 6.4.8.2 and below are impacted by CVE-2020-9732.