What is the severity of CVE-2020-9743?

CVE-2020-9743 is classified as a critical vulnerability due to its potential for HTML injection by unauthenticated users.

How do I fix CVE-2020-9743?

To fix CVE-2020-9743, upgrade to Adobe Experience Manager version 6.5.5.1 or later, 6.4.8.2 or later, 6.3.3.9 or later, or 6.2 SP1-CFP21 or later.

Which versions of Adobe Experience Manager are affected by CVE-2020-9743?

CVE-2020-9743 affects Adobe Experience Manager versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below.

What type of vulnerability is CVE-2020-9743?

CVE-2020-9743 is an HTML injection vulnerability, allowing attackers to inject arbitrary HTML code.

Can CVE-2020-9743 be exploited remotely?

Yes, CVE-2020-9743 can be exploited by unauthenticated users remotely through crafted HTTP requests.

Vulnerability/
CVE-2020-9743

medium

6.1

CWE

79 20

10/9/2020

16/9/2024

CVE-2020-9743: HTML injection in AEM's content editor component

First published: Thu Sep 10 2020(Updated: )

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Experience Manager	>=6.3.0.0<=6.3.3.8
Adobe Experience Manager	>=6.4.0.0<=6.4.8.1
Adobe Experience Manager	>=6.5.0.0<=6.5.5.0
Adobe Experience Manager	=6.2.0.0-sp1
Adobe Experience Manager	=6.2.0.0-sp1-cfp1
Adobe Experience Manager	=6.2.0.0-sp1-cfp10
Adobe Experience Manager	=6.2.0.0-sp1-cfp11
Adobe Experience Manager	=6.2.0.0-sp1-cfp12.1
Adobe Experience Manager	=6.2.0.0-sp1-cfp13
Adobe Experience Manager	=6.2.0.0-sp1-cfp14
Adobe Experience Manager	=6.2.0.0-sp1-cfp15
Adobe Experience Manager	=6.2.0.0-sp1-cfp16
Adobe Experience Manager	=6.2.0.0-sp1-cfp17
Adobe Experience Manager	=6.2.0.0-sp1-cfp18
Adobe Experience Manager	=6.2.0.0-sp1-cfp19
Adobe Experience Manager	=6.2.0.0-sp1-cfp2
Adobe Experience Manager	=6.2.0.0-sp1-cfp20
Adobe Experience Manager	=6.2.0.0-sp1-cfp3
Adobe Experience Manager	=6.2.0.0-sp1-cfp4
Adobe Experience Manager	=6.2.0.0-sp1-cfp5
Adobe Experience Manager	=6.2.0.0-sp1-cfp6
Adobe Experience Manager	=6.2.0.0-sp1-cfp7
Adobe Experience Manager	=6.2.0.0-sp1-cfp8
Adobe Experience Manager	=6.2.0.0-sp1-cfp9

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html

Frequently Asked Questions

What is the severity of CVE-2020-9743?
CVE-2020-9743 is classified as a critical vulnerability due to its potential for HTML injection by unauthenticated users.
How do I fix CVE-2020-9743?
To fix CVE-2020-9743, upgrade to Adobe Experience Manager version 6.5.5.1 or later, 6.4.8.2 or later, 6.3.3.9 or later, or 6.2 SP1-CFP21 or later.
Which versions of Adobe Experience Manager are affected by CVE-2020-9743?
CVE-2020-9743 affects Adobe Experience Manager versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below.
What type of vulnerability is CVE-2020-9743?
CVE-2020-9743 is an HTML injection vulnerability, allowing attackers to inject arbitrary HTML code.
Can CVE-2020-9743 be exploited remotely?
Yes, CVE-2020-9743 can be exploited by unauthenticated users remotely through crafted HTTP requests.

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
agent/severity
agent/references
agent/title
agent/description
agent/author
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/adobe
canonical/adobe experience manager
version/adobe experience manager/6.3.0.0
version/adobe experience manager/6.3.3.8
version/adobe experience manager/6.4.0.0
version/adobe experience manager/6.4.8.1
version/adobe experience manager/6.5.0.0
version/adobe experience manager/6.5.5.0
version/adobe experience manager/6.2.0.0-sp1
version/adobe experience manager/6.2.0.0-sp1-cfp1
version/adobe experience manager/6.2.0.0-sp1-cfp10
version/adobe experience manager/6.2.0.0-sp1-cfp11
version/adobe experience manager/6.2.0.0-sp1-cfp12.1
version/adobe experience manager/6.2.0.0-sp1-cfp13
version/adobe experience manager/6.2.0.0-sp1-cfp14
version/adobe experience manager/6.2.0.0-sp1-cfp15
version/adobe experience manager/6.2.0.0-sp1-cfp16
version/adobe experience manager/6.2.0.0-sp1-cfp17
version/adobe experience manager/6.2.0.0-sp1-cfp18
version/adobe experience manager/6.2.0.0-sp1-cfp19
version/adobe experience manager/6.2.0.0-sp1-cfp2
version/adobe experience manager/6.2.0.0-sp1-cfp20
version/adobe experience manager/6.2.0.0-sp1-cfp3
version/adobe experience manager/6.2.0.0-sp1-cfp4
version/adobe experience manager/6.2.0.0-sp1-cfp5
version/adobe experience manager/6.2.0.0-sp1-cfp6
version/adobe experience manager/6.2.0.0-sp1-cfp7
version/adobe experience manager/6.2.0.0-sp1-cfp8
version/adobe experience manager/6.2.0.0-sp1-cfp9