Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9733 | 1 Adobe | 2 Experience Manager, Experience Manager Forms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository. | |||||
CVE-2020-9732 | 1 Adobe | 2 Experience Manager, Experience Manager Forms | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | |||||
CVE-2019-8089 | 1 Adobe | 1 Experience Manager Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2019-7129 | 1 Adobe | 1 Experience Manager Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2017-3067 | 1 Adobe | 1 Experience Manager Forms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms. | |||||
CVE-2016-6934 | 1 Adobe | 2 Experience Manager Forms, Livecycle | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks. |