Vulnerabilities > Adobe > Experience Manager > 6.3.3.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-10 | CVE-2020-9743 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. | 6.1 |
| 2020-09-10 | CVE-2020-9742 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. | 5.4 |
| 2020-09-10 | CVE-2020-9740 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. | 5.4 |
| 2020-09-10 | CVE-2020-9738 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. | 4.8 |
| 2020-09-10 | CVE-2020-9737 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. | 4.8 |
| 2020-09-10 | CVE-2020-9736 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. | 4.8 |
| 2020-09-10 | CVE-2020-9735 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. | 4.8 |
| 2020-09-10 | CVE-2020-9733 | Improper Privilege Management vulnerability in Adobe Experience Manager An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. | 7.5 |
| 2020-09-10 | CVE-2020-9732 | Cross-site Scripting vulnerability in Adobe Experience Manager The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. | 9.0 |
| 2020-03-25 | CVE-2020-3769 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. | 7.5 |