Vulnerabilities (CVE)

Filtered by vendor Adobe Subscribe
Filtered by product Experience Manager
Total 668 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-42356 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-42354 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-42352 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-42351 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 4.3 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to disclose low level confidentiality information. Exploitation of this issue does not require user interaction.
CVE-2022-42350 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-42349 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-42348 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-42346 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-42345 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-38439 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-38438 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-35696 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-35695 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-35694 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-35693 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-30683 1 Adobe 1 Experience Manager 2024-11-21 N/A 5.3 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30679 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2022-28851 1 Adobe 1 Experience Manager 2024-11-21 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVE-2021-44178 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 4.3 MEDIUM 5.4 MEDIUM
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser
CVE-2021-44177 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 4.3 MEDIUM 8.1 HIGH
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.