Search

Find a vulnerability

Search criteria

    366 vulnerabilities found for experience_manager_cloud_service by adobe

    CVE-2023-48556 (GCVE-0-2023-48556)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:47
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
    CWE
    • CWE-79 - Cross-site Scripting (DOM-based XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:47:31.833Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48556",
        "datePublished": "2023-12-15T10:16:22.671Z",
        "dateReserved": "2023-11-16T23:29:25.389Z",
        "dateUpdated": "2024-10-07T13:47:31.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48555 (GCVE-0-2023-48555)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:47
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:47:43.085Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48555",
        "datePublished": "2023-12-15T10:16:12.685Z",
        "dateReserved": "2023-11-16T23:29:25.389Z",
        "dateUpdated": "2024-10-07T13:47:43.085Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48554 (GCVE-0-2023-48554)

    Vulnerability from nvd – Published: 2023-12-15 10:15 – Updated: 2024-11-25 21:04
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.437Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48554",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-19T17:17:43.458757Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T21:04:01.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:48:04.854Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48554",
        "datePublished": "2023-12-15T10:15:51.935Z",
        "dateReserved": "2023-11-16T23:29:25.389Z",
        "dateUpdated": "2024-11-25T21:04:01.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48553 (GCVE-0-2023-48553)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:48
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:48:16.529Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48553",
        "datePublished": "2023-12-15T10:16:13.553Z",
        "dateReserved": "2023-11-16T23:29:25.389Z",
        "dateUpdated": "2024-10-07T13:48:16.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48552 (GCVE-0-2023-48552)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:48
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:48:39.304Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48552",
        "datePublished": "2023-12-15T10:16:37.145Z",
        "dateReserved": "2023-11-16T23:29:25.388Z",
        "dateUpdated": "2024-10-07T13:48:39.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48551 (GCVE-0-2023-48551)

    Vulnerability from nvd – Published: 2023-12-15 10:17 – Updated: 2024-10-07 13:48
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:48:49.769Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48551",
        "datePublished": "2023-12-15T10:17:15.500Z",
        "dateReserved": "2023-11-16T23:29:25.388Z",
        "dateUpdated": "2024-10-07T13:48:49.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48550 (GCVE-0-2023-48550)

    Vulnerability from nvd – Published: 2023-12-15 10:17 – Updated: 2024-10-07 13:49
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.449Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:49:00.977Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48550",
        "datePublished": "2023-12-15T10:17:41.716Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2024-10-07T13:49:00.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48549 (GCVE-0-2023-48549)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:49
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:49:11.781Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48549",
        "datePublished": "2023-12-15T10:16:03.305Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2024-10-07T13:49:11.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48548 (GCVE-0-2023-48548)

    Vulnerability from nvd – Published: 2023-12-15 10:15 – Updated: 2025-05-21 14:20
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48548",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-18T15:22:16.684318Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T14:20:51.367Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:49:23.139Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48548",
        "datePublished": "2023-12-15T10:15:57.717Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2025-05-21T14:20:51.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48547 (GCVE-0-2023-48547)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:49
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:49:34.122Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48547",
        "datePublished": "2023-12-15T10:16:01.734Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2024-10-07T13:49:34.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48546 (GCVE-0-2023-48546)

    Vulnerability from nvd – Published: 2023-12-15 10:17 – Updated: 2024-10-07 13:49
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:49:45.557Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48546",
        "datePublished": "2023-12-15T10:17:02.083Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2024-10-07T13:49:45.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48545 (GCVE-0-2023-48545)

    Vulnerability from nvd – Published: 2023-12-15 10:15 – Updated: 2024-10-07 13:49
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:49:56.862Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48545",
        "datePublished": "2023-12-15T10:15:52.697Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2024-10-07T13:49:56.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48544 (GCVE-0-2023-48544)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-11-25 21:00
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48544",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-19T17:18:10.993392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T21:00:05.039Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:50:08.268Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48544",
        "datePublished": "2023-12-15T10:16:45.951Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2024-11-25T21:00:05.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48543 (GCVE-0-2023-48543)

    Vulnerability from nvd – Published: 2023-12-15 10:17 – Updated: 2024-10-07 13:50
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:50:19.242Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48543",
        "datePublished": "2023-12-15T10:17:30.159Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2024-10-07T13:50:19.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48542 (GCVE-0-2023-48542)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:50
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.443Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:50:30.475Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48542",
        "datePublished": "2023-12-15T10:16:49.768Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2024-10-07T13:50:30.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48541 (GCVE-0-2023-48541)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:50
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
    CWE
    • CWE-79 - Cross-site Scripting (DOM-based XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.506Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:50:41.898Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48541",
        "datePublished": "2023-12-15T10:16:25.759Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2024-10-07T13:50:41.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48540 (GCVE-0-2023-48540)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:51
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.443Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:51:27.305Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48540",
        "datePublished": "2023-12-15T10:16:37.960Z",
        "dateReserved": "2023-11-16T23:29:25.387Z",
        "dateUpdated": "2024-10-07T13:51:27.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48539 (GCVE-0-2023-48539)

    Vulnerability from nvd – Published: 2023-12-15 10:17 – Updated: 2024-10-07 13:52
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
    CWE
    • CWE-79 - Cross-site Scripting (DOM-based XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.452Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:52:01.105Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48539",
        "datePublished": "2023-12-15T10:17:07.545Z",
        "dateReserved": "2023-11-16T23:29:25.386Z",
        "dateUpdated": "2024-10-07T13:52:01.105Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48538 (GCVE-0-2023-48538)

    Vulnerability from nvd – Published: 2023-12-15 10:17 – Updated: 2025-05-07 20:44
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.443Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48538",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T20:44:23.923441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T20:44:36.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:52:11.953Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48538",
        "datePublished": "2023-12-15T10:17:47.060Z",
        "dateReserved": "2023-11-16T23:29:25.386Z",
        "dateUpdated": "2025-05-07T20:44:36.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48537 (GCVE-0-2023-48537)

    Vulnerability from nvd – Published: 2023-12-15 10:17 – Updated: 2024-10-07 13:52
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.442Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:52:34.750Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48537",
        "datePublished": "2023-12-15T10:17:23.062Z",
        "dateReserved": "2023-11-16T23:29:25.386Z",
        "dateUpdated": "2024-10-07T13:52:34.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48536 (GCVE-0-2023-48536)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:53
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
    CWE
    • CWE-79 - Cross-site Scripting (DOM-based XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:53:08.487Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48536",
        "datePublished": "2023-12-15T10:16:54.746Z",
        "dateReserved": "2023-11-16T23:29:25.385Z",
        "dateUpdated": "2024-10-07T13:53:08.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48535 (GCVE-0-2023-48535)

    Vulnerability from nvd – Published: 2023-12-15 10:15 – Updated: 2024-10-07 13:53
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
    CWE
    • CWE-79 - Cross-site Scripting (DOM-based XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.520Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:53:19.952Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48535",
        "datePublished": "2023-12-15T10:15:56.177Z",
        "dateReserved": "2023-11-16T23:29:25.385Z",
        "dateUpdated": "2024-10-07T13:53:19.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48534 (GCVE-0-2023-48534)

    Vulnerability from nvd – Published: 2023-12-15 10:15 – Updated: 2024-11-25 21:03
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48534",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-20T17:20:21.881071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T21:03:38.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:53:31.423Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48534",
        "datePublished": "2023-12-15T10:15:56.937Z",
        "dateReserved": "2023-11-16T23:29:25.385Z",
        "dateUpdated": "2024-11-25T21:03:38.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48533 (GCVE-0-2023-48533)

    Vulnerability from nvd – Published: 2023-12-15 10:17 – Updated: 2024-10-07 13:53
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:53:54.341Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48533",
        "datePublished": "2023-12-15T10:17:10.914Z",
        "dateReserved": "2023-11-16T23:29:25.385Z",
        "dateUpdated": "2024-10-07T13:53:54.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48532 (GCVE-0-2023-48532)

    Vulnerability from nvd – Published: 2023-12-15 10:17 – Updated: 2024-10-07 13:54
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
    CWE
    • CWE-79 - Cross-site Scripting (DOM-based XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:54:05.404Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48532",
        "datePublished": "2023-12-15T10:17:37.123Z",
        "dateReserved": "2023-11-16T23:29:25.385Z",
        "dateUpdated": "2024-10-07T13:54:05.404Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48531 (GCVE-0-2023-48531)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:54
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.520Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:54:28.407Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48531",
        "datePublished": "2023-12-15T10:16:30.286Z",
        "dateReserved": "2023-11-16T23:29:25.385Z",
        "dateUpdated": "2024-10-07T13:54:28.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48530 (GCVE-0-2023-48530)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:55
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:55:02.538Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48530",
        "datePublished": "2023-12-15T10:16:05.597Z",
        "dateReserved": "2023-11-16T23:29:25.385Z",
        "dateUpdated": "2024-10-07T13:55:02.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48529 (GCVE-0-2023-48529)

    Vulnerability from nvd – Published: 2023-12-15 10:15 – Updated: 2024-10-07 13:55
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:55:14.102Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48529",
        "datePublished": "2023-12-15T10:15:59.998Z",
        "dateReserved": "2023-11-16T23:29:25.385Z",
        "dateUpdated": "2024-10-07T13:55:14.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48528 (GCVE-0-2023-48528)

    Vulnerability from nvd – Published: 2023-12-15 10:16 – Updated: 2024-10-07 13:55
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (DOM-based XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48528",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-20T17:21:46.522707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T13:22:15.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:55:25.563Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48528",
        "datePublished": "2023-12-15T10:16:47.498Z",
        "dateReserved": "2023-11-16T23:29:25.385Z",
        "dateUpdated": "2024-10-07T13:55:25.563Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48527 (GCVE-0-2023-48527)

    Vulnerability from nvd – Published: 2023-12-15 10:17 – Updated: 2025-05-21 14:12
    VLAI
    Title
    Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
    Summary
    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Adobe Experience Manager Affected: 0 , ≤ 6.5.18 (semver)
    Create a notification for this product.
    Date Public
    2023-12-12 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:30:35.444Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48527",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-18T15:19:15.290591Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T14:12:01.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Adobe Experience Manager",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.4,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "LOW",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "LOW",
                "modifiedPrivilegesRequired": "LOW",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site Scripting (Stored XSS) (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-07T13:55:36.780Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2023-48527",
        "datePublished": "2023-12-15T10:17:30.974Z",
        "dateReserved": "2023-11-16T23:29:25.385Z",
        "dateUpdated": "2025-05-21T14:12:01.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }