critical
9
CWE
79
Advisory Published
Updated

CVE-2020-9740: Stored XSS in AEM Design Importer Component

First published: Thu Sep 10 2020(Updated: )

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.

Credit: psirt@adobe.com

Affected SoftwareAffected VersionHow to fix
Adobe Experience Manager>=6.3.0.0<=6.3.3.8
Adobe Experience Manager>=6.4.0.0<=6.4.8.1
Adobe Experience Manager>=6.5.0.0<=6.5.5.0
Adobe Experience Manager=6.2.0.0-sp1
Adobe Experience Manager=6.2.0.0-sp1-cfp1
Adobe Experience Manager=6.2.0.0-sp1-cfp10
Adobe Experience Manager=6.2.0.0-sp1-cfp11
Adobe Experience Manager=6.2.0.0-sp1-cfp12.1
Adobe Experience Manager=6.2.0.0-sp1-cfp13
Adobe Experience Manager=6.2.0.0-sp1-cfp14
Adobe Experience Manager=6.2.0.0-sp1-cfp15
Adobe Experience Manager=6.2.0.0-sp1-cfp16
Adobe Experience Manager=6.2.0.0-sp1-cfp17
Adobe Experience Manager=6.2.0.0-sp1-cfp18
Adobe Experience Manager=6.2.0.0-sp1-cfp19
Adobe Experience Manager=6.2.0.0-sp1-cfp2
Adobe Experience Manager=6.2.0.0-sp1-cfp20
Adobe Experience Manager=6.2.0.0-sp1-cfp3
Adobe Experience Manager=6.2.0.0-sp1-cfp4
Adobe Experience Manager=6.2.0.0-sp1-cfp5
Adobe Experience Manager=6.2.0.0-sp1-cfp6
Adobe Experience Manager=6.2.0.0-sp1-cfp7
Adobe Experience Manager=6.2.0.0-sp1-cfp8
Adobe Experience Manager=6.2.0.0-sp1-cfp9

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2020-9740?

    CVE-2020-9740 is a stored XSS vulnerability in Adobe Experience Manager (AEM) versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below.

  • Who is affected by CVE-2020-9740?

    Users of Adobe Experience Manager (AEM) versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below are affected by CVE-2020-9740.

  • What is the severity of CVE-2020-9740?

    The severity of CVE-2020-9740 is critical with a CVSS score of 5.4.

  • How can I fix CVE-2020-9740?

    To fix CVE-2020-9740, users should upgrade to AEM versions 6.5.5.1 (or above), 6.4.8.2 (or above), 6.3.3.9 (or above), or 6.2 SP1-CFP21 (or above) where the vulnerability has been patched.

  • Where can I find more information about CVE-2020-9740?

    You can find more information about CVE-2020-9740 on the Adobe Security Bulletin APSB20-56.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203