Vulnerabilities (CVE)

Filtered by vendor Adobe Subscribe
Filtered by product Experience Manager
Total 523 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-9734 1 Adobe 1 Experience Manager 2024-11-21 3.5 LOW 9.0 CRITICAL
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVE-2020-9733 1 Adobe 2 Experience Manager, Experience Manager Forms 2024-11-21 5.0 MEDIUM 7.5 HIGH
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
CVE-2020-9732 1 Adobe 2 Experience Manager, Experience Manager Forms 2024-11-21 6.0 MEDIUM 9.0 CRITICAL
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVE-2020-9651 1 Adobe 1 Experience Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
CVE-2020-9648 1 Adobe 1 Experience Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
CVE-2020-9647 1 Adobe 1 Experience Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
CVE-2020-9645 1 Adobe 1 Experience Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2020-9644 1 Adobe 1 Experience Manager 2024-11-21 3.5 LOW 5.4 MEDIUM
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
CVE-2020-9643 1 Adobe 1 Experience Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2020-3769 1 Adobe 1 Experience Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2020-3741 1 Adobe 1 Experience Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service.
CVE-2020-24445 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 3.5 LOW 9.0 CRITICAL
AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2019-8234 1 Adobe 1 Experience Manager 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8088 1 Adobe 1 Experience Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-8087 1 Adobe 1 Experience Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8086 1 Adobe 1 Experience Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8085 1 Adobe 1 Experience Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8084 1 Adobe 1 Experience Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8083 1 Adobe 1 Experience Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8082 1 Adobe 1 Experience Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.