Vulnerability-Lookup

CVE-2020-9743 (GCVE-0-2020-9743)

Vulnerability from cvelistv5 – Published: 2020-09-10 16:36 – Updated: 2024-09-16 18:28

Title

HTML injection in AEM's content editor component

Summary

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-20 - Improper Input Validation (CWE-20)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/experie…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Adobe	Experience Manager	Affected: unspecified , ≤ 6.5.5.0 (custom) Affected: unspecified , ≤ 6.4.8.1 (custom) Affected: unspecified , ≤ 6.3.3.8 (custom) Affected: unspecified , ≤ 6.2 SP1-CFP20 (custom)

Date Public

2020-09-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:43:04.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Experience Manager",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "6.5.5.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.4.8.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.3.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.2 SP1-CFP20",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-09-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-10T16:36:06.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "HTML injection in AEM\u0027s content editor component",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "DATE_PUBLIC": "2020-09-08T23:00:00.000Z",
          "ID": "CVE-2020-9743",
          "STATE": "PUBLIC",
          "TITLE": "HTML injection in AEM\u0027s content editor component"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Experience Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.5.5.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.4.8.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.3.3.8"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.2 SP1-CFP20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation (CWE-20)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9743",
    "datePublished": "2020-09-10T16:36:06.556Z",
    "dateReserved": "2020-03-02T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:28:22.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-9743",
      "date": "2026-05-30",
      "epss": "0.03316",
      "percentile": "0.87475"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-9743\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2020-09-10T17:15:41.377\",\"lastModified\":\"2024-11-21T05:41:12.080\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).\"},{\"lang\":\"es\",\"value\":\"AEM versiones 6.5.5.0 (y anteriores), 6.4.8.1 (y anteriores), 6.3.3.8 (y anteriores) y 6.2 SP1-CFP20 (y posteriores), est\u00e1n afectadas por una vulnerabilidad de inyecci\u00f3n HTML en el componente content editor que permite a usuarios no autenticados dise\u00f1ar una petici\u00f3n HTTP que incluya c\u00f3digo HTML arbitrario en un valor de par\u00e1metro. Un atacante podr\u00eda utilizar la petici\u00f3n GET maliciosa para atraer a las v\u00edctimas a llevar a cabo acciones no seguras en la p\u00e1gina (por ejemplo, phishing)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0.0\",\"versionEndIncluding\":\"6.3.3.8\",\"matchCriteriaId\":\"F61E8D62-4FB7-48E0-A750-C3F6EBE5F613\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0.0\",\"versionEndIncluding\":\"6.4.8.1\",\"matchCriteriaId\":\"0482E99D-21DC-489C-8E0B-707A70A48FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5.0.0\",\"versionEndIncluding\":\"6.5.5.0\",\"matchCriteriaId\":\"C9D06479-83AE-4F9A-BAE9-7849798F1A30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7DD1A2-EB34-4862-878F-0768D91ED375\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3E28FB2-DD09-471E-A846-45D00A1DEAE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp10:*:*:*:*:*:*\",\"matchCriteriaId\":\"1537FAD0-6B8C-440E-ADBE-6E55B5E95545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp11:*:*:*:*:*:*\",\"matchCriteriaId\":\"80CD82AA-BD51-44ED-843D-155E0253A9EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp12.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F50647B-FD1C-43E4-A688-F9B4ED244028\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp13:*:*:*:*:*:*\",\"matchCriteriaId\":\"A97165F4-F357-4271-A141-4091973F9A34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp14:*:*:*:*:*:*\",\"matchCriteriaId\":\"92D76A04-0B29-4BF2-B016-7FA82B12FE53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp15:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C555A79-F619-4119-9DEA-0679059F6111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp16:*:*:*:*:*:*\",\"matchCriteriaId\":\"9732E3D9-15A3-4571-8B40-88B7FF64D994\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp17:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2DB2AFF-4C6D-4CFD-8BCD-6ED5FABF677C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp18:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D72D08D-3B08-4FA9-A5D8-1709229CCAA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp19:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CEA0E51-6982-4F18-A7BC-500C341E415E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A531C028-FED4-473E-BB08-E4D92C3AE5F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp20:*:*:*:*:*:*\",\"matchCriteriaId\":\"880D18CA-1FF0-436D-91C0-E29C85C4AD8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8871723-95D7-4A4A-A232-A7CE7F5EE020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C22A756-74DB-4D4F-9B32-00D85F127260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBDA638-4C8A-438F-96E2-B5EAA2B21DCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A457620-A285-4F7F-8FA7-3F0C514E4658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp7:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BA4E1EE-C90A-4028-8DBC-47F6DF90021E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp8:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD076F63-6F46-4852-9080-1AD72B5001F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp9:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D75869C-D57A-480B-941A-8679EABAE593\"}]}]}],\"references\":[{\"url\":\"https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

BDU:2020-05659

Vulnerability from fstec - Published: 08.09.2020

Title

Уязвимость системы управления контентом и медиаданными Adobe Experience Manager, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный HTML-код в браузере пользователя

Description

Уязвимость системы управления контентом и медиаданными Adobe Experience Manager связана с недостаточной защитой структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный HTML-код в браузере пользователя

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vendor

Adobe Systems Inc.

Software Name

Adobe Experience Manager

Software Version

до 6.5.5.0 включительно (Adobe Experience Manager), до 6.4.8.1 включительно (Adobe Experience Manager), до 6.3.3.8 включительно (Adobe Experience Manager), до 6.2 SP1-CFP20 включительно (Adobe Experience Manager)

Possible Mitigations

Использование рекомендаций производителя: https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html

Reference

https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html https://nvd.nist.gov/vuln/detail/CVE-2020-9743

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Adobe Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 6.5.5.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Experience Manager), \u0434\u043e 6.4.8.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Experience Manager), \u0434\u043e 6.3.3.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Experience Manager), \u0434\u043e 6.2 SP1-CFP20 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Experience Manager)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://helpx.adobe.com/security/products/experience-manager/apsb20-56.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.09.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.12.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.12.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-05659",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-9743",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Adobe Experience Manager",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043e\u043c \u0438 \u043c\u0435\u0434\u0438\u0430\u0434\u0430\u043d\u043d\u044b\u043c\u0438 Adobe Experience Manager, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 HTML-\u043a\u043e\u0434 \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043e\u043c \u0438 \u043c\u0435\u0434\u0438\u0430\u0434\u0430\u043d\u043d\u044b\u043c\u0438 Adobe Experience Manager \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 HTML-\u043a\u043e\u0434 \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9743",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}

CNVD-2020-51765

Vulnerability from cnvd - Published: 2020-09-13

Title

Adobe Experience Manager (AEM) HTML注入漏洞

Description

Adobe Experience Manager是一款企业内容管理解决方案，可帮助您简化内容和资产的管理和投放。 Adobe Experience Manager (AEM)存在HTML注入漏洞。攻击者可利用该漏洞在浏览器中注入任意HTML。

Severity

中

Patch Name

Adobe Experience Manager (AEM) HTML注入漏洞的补丁

Patch Description

Adobe Experience Manager是一款企业内容管理解决方案,可帮助您简化内容和资产的管理和投放。 Adobe Experience Manager (AEM) 6.5.5.0、6.4.8.1、6.3.3.8、6.2 SP1-CFP20及更早版本存在HTML注入漏洞。攻击者可利用该漏洞在浏览器中注入任意HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html

Reference

https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html

Impacted products

Name
['Adobe Adobe Experience Manager (AEM) <=6.5.5.0', 'Adobe Adobe Experience Manager (AEM) <=6.4.8.1', 'Adobe Adobe Experience Manager (AEM) <=6.3.3.8', 'Adobe Adobe Experience Manager (AEM) <=6.2 SP1-CFP20']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9743",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-9743"
    }
  },
  "description": "Adobe Experience Manager\u662f\u4e00\u6b3e\u4f01\u4e1a\u5185\u5bb9\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff0c\u53ef\u5e2e\u52a9\u60a8\u7b80\u5316\u5185\u5bb9\u548c\u8d44\u4ea7\u7684\u7ba1\u7406\u548c\u6295\u653e\u3002\n\nAdobe Experience Manager (AEM)\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e2d\u6ce8\u5165\u4efb\u610fHTML\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/experience-manager/apsb20-56.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-51765",
  "openTime": "2020-09-13",
  "patchDescription": "Adobe Experience Manager\u662f\u4e00\u6b3e\u4f01\u4e1a\u5185\u5bb9\u7ba1\u7406\u89e3\u51b3\u65b9\u6848,\u53ef\u5e2e\u52a9\u60a8\u7b80\u5316\u5185\u5bb9\u548c\u8d44\u4ea7\u7684\u7ba1\u7406\u548c\u6295\u653e\u3002\r\nAdobe Experience Manager (AEM) 6.5.5.0\u30016.4.8.1\u30016.3.3.8\u30016.2 SP1-CFP20\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e2d\u6ce8\u5165\u4efb\u610fHTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Experience Manager (AEM) HTML\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Adobe Experience Manager (AEM) \u003c=6.5.5.0",
      "Adobe Adobe Experience Manager (AEM) \u003c=6.4.8.1",
      "Adobe Adobe Experience Manager (AEM) \u003c=6.3.3.8",
      "Adobe Adobe Experience Manager (AEM) \u003c=6.2 SP1-CFP20"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html",
  "serverity": "\u4e2d",
  "submitTime": "2020-09-09",
  "title": "Adobe Experience Manager (AEM) HTML\u6ce8\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2020-9743

Vulnerability from fkie_nvd - Published: 2020-09-10 17:15 - Updated: 2024-11-21 05:41

Severity

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	experience_manager	*
adobe	experience_manager	*
adobe	experience_manager	*
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0
adobe	experience_manager	6.2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61E8D62-4FB7-48E0-A750-C3F6EBE5F613",
              "versionEndIncluding": "6.3.3.8",
              "versionStartIncluding": "6.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0482E99D-21DC-489C-8E0B-707A70A48FC0",
              "versionEndIncluding": "6.4.8.1",
              "versionStartIncluding": "6.4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D06479-83AE-4F9A-BAE9-7849798F1A30",
              "versionEndIncluding": "6.5.5.0",
              "versionStartIncluding": "6.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "AE7DD1A2-EB34-4862-878F-0768D91ED375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp1:*:*:*:*:*:*",
              "matchCriteriaId": "E3E28FB2-DD09-471E-A846-45D00A1DEAE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp10:*:*:*:*:*:*",
              "matchCriteriaId": "1537FAD0-6B8C-440E-ADBE-6E55B5E95545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp11:*:*:*:*:*:*",
              "matchCriteriaId": "80CD82AA-BD51-44ED-843D-155E0253A9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp12.1:*:*:*:*:*:*",
              "matchCriteriaId": "0F50647B-FD1C-43E4-A688-F9B4ED244028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp13:*:*:*:*:*:*",
              "matchCriteriaId": "A97165F4-F357-4271-A141-4091973F9A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp14:*:*:*:*:*:*",
              "matchCriteriaId": "92D76A04-0B29-4BF2-B016-7FA82B12FE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp15:*:*:*:*:*:*",
              "matchCriteriaId": "0C555A79-F619-4119-9DEA-0679059F6111",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp16:*:*:*:*:*:*",
              "matchCriteriaId": "9732E3D9-15A3-4571-8B40-88B7FF64D994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp17:*:*:*:*:*:*",
              "matchCriteriaId": "B2DB2AFF-4C6D-4CFD-8BCD-6ED5FABF677C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp18:*:*:*:*:*:*",
              "matchCriteriaId": "7D72D08D-3B08-4FA9-A5D8-1709229CCAA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp19:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA0E51-6982-4F18-A7BC-500C341E415E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp2:*:*:*:*:*:*",
              "matchCriteriaId": "A531C028-FED4-473E-BB08-E4D92C3AE5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp20:*:*:*:*:*:*",
              "matchCriteriaId": "880D18CA-1FF0-436D-91C0-E29C85C4AD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp3:*:*:*:*:*:*",
              "matchCriteriaId": "D8871723-95D7-4A4A-A232-A7CE7F5EE020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp4:*:*:*:*:*:*",
              "matchCriteriaId": "8C22A756-74DB-4D4F-9B32-00D85F127260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp5:*:*:*:*:*:*",
              "matchCriteriaId": "0EBDA638-4C8A-438F-96E2-B5EAA2B21DCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp6:*:*:*:*:*:*",
              "matchCriteriaId": "5A457620-A285-4F7F-8FA7-3F0C514E4658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp7:*:*:*:*:*:*",
              "matchCriteriaId": "9BA4E1EE-C90A-4028-8DBC-47F6DF90021E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp8:*:*:*:*:*:*",
              "matchCriteriaId": "BD076F63-6F46-4852-9080-1AD72B5001F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp9:*:*:*:*:*:*",
              "matchCriteriaId": "6D75869C-D57A-480B-941A-8679EABAE593",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing)."
    },
    {
      "lang": "es",
      "value": "AEM versiones 6.5.5.0 (y anteriores), 6.4.8.1 (y anteriores), 6.3.3.8 (y anteriores) y 6.2 SP1-CFP20 (y posteriores), est\u00e1n afectadas por una vulnerabilidad de inyecci\u00f3n HTML en el componente content editor que permite a usuarios no autenticados dise\u00f1ar una petici\u00f3n HTTP que incluya c\u00f3digo HTML arbitrario en un valor de par\u00e1metro. Un atacante podr\u00eda utilizar la petici\u00f3n GET maliciosa para atraer a las v\u00edctimas a llevar a cabo acciones no seguras en la p\u00e1gina (por ejemplo, phishing)"
    }
  ],
  "id": "CVE-2020-9743",
  "lastModified": "2024-11-21T05:41:12.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-10T17:15:41.377",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-H5M3-8VHJ-CGJG

Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-05-24 17:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9743"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-10T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).",
  "id": "GHSA-h5m3-8vhj-cgjg",
  "modified": "2022-05-24T17:27:52Z",
  "published": "2022-05-24T17:27:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9743"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-9743

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-9743

Aliases

CVE-2020-9743

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9743",
    "description": "AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).",
    "id": "GSD-2020-9743"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9743"
      ],
      "details": "AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).",
      "id": "GSD-2020-9743",
      "modified": "2023-12-13T01:21:53.196006Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "DATE_PUBLIC": "2020-09-08T23:00:00.000Z",
        "ID": "CVE-2020-9743",
        "STATE": "PUBLIC",
        "TITLE": "HTML injection in AEM\u0027s content editor component"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Experience Manager",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "6.5.5.0"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "6.4.8.1"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "6.3.3.8"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "6.2 SP1-CFP20"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Adobe"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing)."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "Low",
          "attackVector": "Network",
          "availabilityImpact": "None",
          "baseScore": 5.3,
          "baseSeverity": "Medium",
          "confidentialityImpact": "None",
          "integrityImpact": "Low",
          "privilegesRequired": "None",
          "scope": "Unchanged",
          "userInteraction": "None",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Input Validation (CWE-20)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html",
            "refsource": "MISC",
            "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp12.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.3.3.8",
                "versionStartIncluding": "6.3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.8.1",
                "versionStartIncluding": "6.4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.5.0",
                "versionStartIncluding": "6.5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2020-9743"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-09-14T17:30Z",
      "publishedDate": "2020-09-10T17:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-9743 (GCVE-0-2020-9743)

BDU:2020-05659

CNVD-2020-51765

FKIE_CVE-2020-9743

GHSA-H5M3-8VHJ-CGJG

GSD-2020-9743

Tags

Sightings

Nomenclature