Latest adobe experience manager Vulnerabilities

CVE-2024-36213
AMS XSS - /libs/dam/gui/components/admin/assetpicker/demo/clientlibs/demo/js/demo.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26126
HTML Injection at `https://author-bugbounty-65-prod.adobecqms.net/libs/cq/tagging/gui/content/tags/mergetag.html/*`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36150
AMS JS - /libs/mcm/campaign/components/touch-ui/clientlibs/core/js/PlaintextGenerator.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36238
DOM XSS in `libs/granite/ui/components/shell/clientlibs/shell/js/onboarding.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36239
DOM XSS in `libs/cq/experience-fragments/components/admin/previewvariation/clientlib/publish.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26037
DOM XSS in `libs/cq/gui/components/projects/admin/translation/job/accepttranslation/clientlibs/js/accepttranslation.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36156
AMS XSS - /libs/cq/gui/components/coral/common/admin/timeline/clientlibs/timeline/js/events.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36229
DOM XSS in `/libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/collection/action/action/foundation.pushstate.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-20769
AMS XSS - /libs/cq/gui/components/projects/admin/translation/customsearch/assettype/clientlibs/assettype/js/assettype.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36236
DOM XSS in `libs/granite/oauth/clientlibs/clientlist/js/clientlist.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36157
AMS XSS - /libs/granite/ui/components/shell/clientlibs/shell/js/badge.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26082
Stored XSS in `libs/cq/gui/components/common/admin/managepublication/clientlibs/managepublication/js/managepublication.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-34120
AMS XSS - /libs/cq/searchpromote/components/linklist/facetcontent.jsp (retest of 1914167 - not fixed)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26088
AMS XSS - /libs/dam/cfm/admin/clientlibs/adminpage/actions/js/managepublication.js (JS)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36211
AMS XSS - /libs/foundation/components/parbase/scaffolding.jsp (bypass for report 2134793)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36233
DOM XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/coral/coral2.js` (coral-Autocomplete)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36224
DOM XSS in `/libs/dam/gui/coral/components/admin/customsearch/savedsearch/actiondialogs/clientlibs/actiondialogs/dialogs.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36225
AMS XSS - /libs/dam/gui/components/admin/commons/redirecttopreviouspage/clientlibs/redirecttopreviouspage/js/redirecttopreviouspage.js (js)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26110
Cloud Services - /libs/cq/contexthub/components/new-segment/clientlib/wizard.new-segment.js (JS)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36153
AMS XSS - /libs/cq/personalization/touch-ui/clientlibs/audiences/newFolder.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36206
AMS XSS - /libs/clientlibs/social/hbs/moderationfoundation/moderationfoundation.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36160
AMS XSS - /libs/fd/af/authoring/clientlibs/guideCommonAuthoring/js/GuidePanelEdit.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26075
Stored XSS in `libs/dam/cfm/admin/clientlibs/v2/authoring/contenteditor/unique.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36230
DOM XSS in `/libs/dam/gui/coral/components/admin/welcome/clientlibs/welcome/js/welcome.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36144
AMS XSS - /libs/cq/searchpromote/components/sorting/sorting.jsp (retest of 2001313 - not fixed)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26074
Stored XSS in `libs/dam/cfm/models/editor/components/fragmentreference/clientlibs/modeleditor/js/defaultValue.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26111
AMS XSS - /libs/fd/af/components/guideradiobutton (retest of 2088443 - new issue)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36222
DOM XSS in `/libs/dam/gui/coral/components/admin/customthumb/clientlibs/customthumb.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26060
AMS XSS - /libs/cq/inbox/gui/components/inbox/table/table.jsp (include)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36173
AMS XSS - /libs/dam/gui/components/s7dam/videoreport/clientlibs/videosummaryreport/js/summaryreport.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26083
Stored XSS in `libs/granite/ui/components/foundation/clientlibs/foundation/js/admin/propertiesactivator.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26090
(Bypass #2122705) DOM XSS in `/libs/cq/cloudservicesprovisioning/clientlibs/optinwizard/source/optinwizard.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36165
AMS XSS - /libs/cq/workflow/admin/console/components/clientlibs/js/dialogs/model.create.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26072
DOM XSS (version 2) in `libs/granite/ui/components/shell/clientlibs/shell/js/globalnav.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36186
Stored XSS in `libs/granite/contexthub/cloudsettings/components/clientlibs/js/wizard.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36220
DOM XSS in `libs/cq/gui/components/siteadmin/admin/foundpages/clientlibs/predicatebreadcrumbs.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36204
AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/clientlibs/folderschemaforms/js/formdetails.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36215
AMS XSS - /libs/granite/operations/clientlibs/maintenance/js/maintenance-tasks.js (JS)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26053
DOM XSS in `/libs/cq/personalization/touch-ui/clientlibs/audiences/newFolder.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36217
AMS XSS - /libs/granite/oauth/clientlibs/oauth/js/oauth.js (JS)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36147
AMS XSS - /libs/cq/experience-fragments/components/xfconfigpathbrowser/clientlib/clientlib.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36196
Stored XSS in `libs/dam/components/scene7/dynamicmedia/clientlibs/dynamicmedia/js/init.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36154
AMS XSS - /libs/social/enablement/components/clientlibs/assetselector/assetselector.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36175
AMS XSS - /libs/cq/gui/components/siteadmin/admin/components/clientlibs/js/liveusage.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36179
AMS XSS - /libs/cq/inbox/gui/components/inbox/clientlibs/inbox/js/inbox.header.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36205
AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/formbuilder/v2/clientlibs/js/formdetails.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26092
AMS XSS - /libs/cq/experience-fragments/components/experiencefragment/clientlibs/xfconsole/xfconsole.js (js)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-26093
AMS XSS - /libs/cq/gui/components/projects/admin/clientlibs/taskmanagement/js/taskmanagement.js (JS)
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36207
AMS XSS - /libs/cq/address/components/addressbook/clientlib/addressbook.js
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5
CVE-2024-36192
Stored XSS in `libs/dam/gui/components/s7dam/profiles/videoprofiles/clientlibs/videoprofiles/editprofile.js`
Adobe Experience Manager<6.5.21
Adobe Experience Manager<2024.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203