What is the severity of CVE-2020-9737?

CVE-2020-9737 has a severity rating of medium due to its potential impact from stored XSS attacks.

How do I fix CVE-2020-9737?

To resolve CVE-2020-9737, upgrade Adobe Experience Manager to version 6.5.6.0 or later, 6.4.8.2 or later, or 6.3.3.9 or later.

What type of vulnerability is CVE-2020-9737?

CVE-2020-9737 is a stored XSS vulnerability that allows attackers to store malicious scripts.

Who is impacted by CVE-2020-9737?

Users with access to the Content Repository Development Environment in the affected versions of Adobe Experience Manager are impacted by CVE-2020-9737.

Vulnerability/
CVE-2020-9737

medium

6.8

CWE

10/9/2020

17/9/2024

CVE-2020-9737: Stored XSS in AEM's Content Repository Development Environment

Q: Which versions of Adobe Experience Manager are affected by CVE-2020-9737?

CVE-2020-9737 affects AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below.

First published: Thu Sep 10 2020(Updated: )

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Experience Manager	>=6.3.0.0<=6.3.3.8
Adobe Experience Manager	>=6.4.0.0<=6.4.8.1
Adobe Experience Manager	>=6.5.0.0<=6.5.5.0
Adobe Experience Manager	=6.2.0.0-sp1
Adobe Experience Manager	=6.2.0.0-sp1-cfp1
Adobe Experience Manager	=6.2.0.0-sp1-cfp10
Adobe Experience Manager	=6.2.0.0-sp1-cfp11
Adobe Experience Manager	=6.2.0.0-sp1-cfp12.1
Adobe Experience Manager	=6.2.0.0-sp1-cfp13
Adobe Experience Manager	=6.2.0.0-sp1-cfp14
Adobe Experience Manager	=6.2.0.0-sp1-cfp15
Adobe Experience Manager	=6.2.0.0-sp1-cfp16
Adobe Experience Manager	=6.2.0.0-sp1-cfp17
Adobe Experience Manager	=6.2.0.0-sp1-cfp18
Adobe Experience Manager	=6.2.0.0-sp1-cfp19
Adobe Experience Manager	=6.2.0.0-sp1-cfp2
Adobe Experience Manager	=6.2.0.0-sp1-cfp20
Adobe Experience Manager	=6.2.0.0-sp1-cfp3
Adobe Experience Manager	=6.2.0.0-sp1-cfp4
Adobe Experience Manager	=6.2.0.0-sp1-cfp5
Adobe Experience Manager	=6.2.0.0-sp1-cfp6
Adobe Experience Manager	=6.2.0.0-sp1-cfp7
Adobe Experience Manager	=6.2.0.0-sp1-cfp8
Adobe Experience Manager	=6.2.0.0-sp1-cfp9

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html

Frequently Asked Questions

What is the severity of CVE-2020-9737?
CVE-2020-9737 has a severity rating of medium due to its potential impact from stored XSS attacks.
How do I fix CVE-2020-9737?
To resolve CVE-2020-9737, upgrade Adobe Experience Manager to version 6.5.6.0 or later, 6.4.8.2 or later, or 6.3.3.9 or later.
Which versions of Adobe Experience Manager are affected by CVE-2020-9737?
CVE-2020-9737 affects AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below.
What type of vulnerability is CVE-2020-9737?
CVE-2020-9737 is a stored XSS vulnerability that allows attackers to store malicious scripts.
Who is impacted by CVE-2020-9737?
Users with access to the Content Repository Development Environment in the affected versions of Adobe Experience Manager are impacted by CVE-2020-9737.

collector/nvd-index
agent/type
agent/softwarecombine
agent/severity
agent/references
agent/weakness
agent/title
agent/description
agent/author
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/adobe
canonical/adobe experience manager
version/adobe experience manager/6.3.0.0
version/adobe experience manager/6.3.3.8
version/adobe experience manager/6.4.0.0
version/adobe experience manager/6.4.8.1
version/adobe experience manager/6.5.0.0
version/adobe experience manager/6.5.5.0
version/adobe experience manager/6.2.0.0-sp1
version/adobe experience manager/6.2.0.0-sp1-cfp1
version/adobe experience manager/6.2.0.0-sp1-cfp10
version/adobe experience manager/6.2.0.0-sp1-cfp11
version/adobe experience manager/6.2.0.0-sp1-cfp12.1
version/adobe experience manager/6.2.0.0-sp1-cfp13
version/adobe experience manager/6.2.0.0-sp1-cfp14
version/adobe experience manager/6.2.0.0-sp1-cfp15
version/adobe experience manager/6.2.0.0-sp1-cfp16
version/adobe experience manager/6.2.0.0-sp1-cfp17
version/adobe experience manager/6.2.0.0-sp1-cfp18
version/adobe experience manager/6.2.0.0-sp1-cfp19
version/adobe experience manager/6.2.0.0-sp1-cfp2
version/adobe experience manager/6.2.0.0-sp1-cfp20
version/adobe experience manager/6.2.0.0-sp1-cfp3
version/adobe experience manager/6.2.0.0-sp1-cfp4
version/adobe experience manager/6.2.0.0-sp1-cfp5
version/adobe experience manager/6.2.0.0-sp1-cfp6
version/adobe experience manager/6.2.0.0-sp1-cfp7
version/adobe experience manager/6.2.0.0-sp1-cfp8
version/adobe experience manager/6.2.0.0-sp1-cfp9

CVE-2020-9737: Stored XSS in AEM's Content Repository Development Environment

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-9737?

How do I fix CVE-2020-9737?

Which versions of Adobe Experience Manager are affected by CVE-2020-9737?

What type of vulnerability is CVE-2020-9737?

Who is impacted by CVE-2020-9737?

Company

Resources

Contact