What is the severity of CVE-2020-9736?

CVE-2020-9736 is classified as a medium-severity stored XSS vulnerability.

How do I fix CVE-2020-9736?

To fix CVE-2020-9736, upgrade to Adobe Experience Manager version 6.5.5.1 or later, or versions 6.4.8.2 and 6.3.3.9.

Which versions of Adobe Experience Manager are affected by CVE-2020-9736?

Affected versions include Adobe Experience Manager 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below.

What type of vulnerability is CVE-2020-9736?

CVE-2020-9736 is a stored cross-site scripting (XSS) vulnerability.

Can a user exploit CVE-2020-9736 remotely?

Yes, a user with access to the Content Repository Development Environment can exploit CVE-2020-9736 to store malicious scripts.

Vulnerability/
CVE-2020-9736

medium

6.8

CWE

10/9/2020

17/9/2024

CVE-2020-9736: Stored XSS in AEM's Content Repository Development Environment

First published: Thu Sep 10 2020(Updated: )

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Experience Manager	>=6.3.0.0<=6.3.3.8
Adobe Experience Manager	>=6.4.0.0<=6.4.8.1
Adobe Experience Manager	>=6.5.0.0<=6.5.5.0
Adobe Experience Manager	=6.2.0.0-sp1
Adobe Experience Manager	=6.2.0.0-sp1-cfp1
Adobe Experience Manager	=6.2.0.0-sp1-cfp10
Adobe Experience Manager	=6.2.0.0-sp1-cfp11
Adobe Experience Manager	=6.2.0.0-sp1-cfp12.1
Adobe Experience Manager	=6.2.0.0-sp1-cfp13
Adobe Experience Manager	=6.2.0.0-sp1-cfp14
Adobe Experience Manager	=6.2.0.0-sp1-cfp15
Adobe Experience Manager	=6.2.0.0-sp1-cfp16
Adobe Experience Manager	=6.2.0.0-sp1-cfp17
Adobe Experience Manager	=6.2.0.0-sp1-cfp18
Adobe Experience Manager	=6.2.0.0-sp1-cfp19
Adobe Experience Manager	=6.2.0.0-sp1-cfp2
Adobe Experience Manager	=6.2.0.0-sp1-cfp20
Adobe Experience Manager	=6.2.0.0-sp1-cfp3
Adobe Experience Manager	=6.2.0.0-sp1-cfp4
Adobe Experience Manager	=6.2.0.0-sp1-cfp5
Adobe Experience Manager	=6.2.0.0-sp1-cfp6
Adobe Experience Manager	=6.2.0.0-sp1-cfp7
Adobe Experience Manager	=6.2.0.0-sp1-cfp8
Adobe Experience Manager	=6.2.0.0-sp1-cfp9

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html

Frequently Asked Questions

What is the severity of CVE-2020-9736?
CVE-2020-9736 is classified as a medium-severity stored XSS vulnerability.
How do I fix CVE-2020-9736?
To fix CVE-2020-9736, upgrade to Adobe Experience Manager version 6.5.5.1 or later, or versions 6.4.8.2 and 6.3.3.9.
Which versions of Adobe Experience Manager are affected by CVE-2020-9736?
Affected versions include Adobe Experience Manager 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below.
What type of vulnerability is CVE-2020-9736?
CVE-2020-9736 is a stored cross-site scripting (XSS) vulnerability.
Can a user exploit CVE-2020-9736 remotely?
Yes, a user with access to the Content Repository Development Environment can exploit CVE-2020-9736 to store malicious scripts.

collector/nvd-index
agent/type
agent/severity
agent/references
agent/weakness
agent/title
agent/softwarecombine
agent/description
agent/author
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
vendor/adobe
canonical/adobe experience manager
version/adobe experience manager/6.3.0.0
version/adobe experience manager/6.3.3.8
version/adobe experience manager/6.4.0.0
version/adobe experience manager/6.4.8.1
version/adobe experience manager/6.5.0.0
version/adobe experience manager/6.5.5.0
version/adobe experience manager/6.2.0.0-sp1
version/adobe experience manager/6.2.0.0-sp1-cfp1
version/adobe experience manager/6.2.0.0-sp1-cfp10
version/adobe experience manager/6.2.0.0-sp1-cfp11
version/adobe experience manager/6.2.0.0-sp1-cfp12.1
version/adobe experience manager/6.2.0.0-sp1-cfp13
version/adobe experience manager/6.2.0.0-sp1-cfp14
version/adobe experience manager/6.2.0.0-sp1-cfp15
version/adobe experience manager/6.2.0.0-sp1-cfp16
version/adobe experience manager/6.2.0.0-sp1-cfp17
version/adobe experience manager/6.2.0.0-sp1-cfp18
version/adobe experience manager/6.2.0.0-sp1-cfp19
version/adobe experience manager/6.2.0.0-sp1-cfp2
version/adobe experience manager/6.2.0.0-sp1-cfp20
version/adobe experience manager/6.2.0.0-sp1-cfp3
version/adobe experience manager/6.2.0.0-sp1-cfp4
version/adobe experience manager/6.2.0.0-sp1-cfp5
version/adobe experience manager/6.2.0.0-sp1-cfp6
version/adobe experience manager/6.2.0.0-sp1-cfp7
version/adobe experience manager/6.2.0.0-sp1-cfp8
version/adobe experience manager/6.2.0.0-sp1-cfp9