Vulnerabilities > Adobe > Experience Manager > 6.5.2.0

DATE CVE VULNERABILITY TITLE RISK
2020-09-10 CVE-2020-9733 Improper Privilege Management vulnerability in Adobe Experience Manager
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user.
network
low complexity
adobe CWE-269
7.5
2020-09-10 CVE-2020-9732 Cross-site Scripting vulnerability in Adobe Experience Manager
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component.
network
low complexity
adobe CWE-79
critical
9.0
2020-06-12 CVE-2020-9651 Cross-site Scripting vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability.
network
low complexity
adobe CWE-79
6.1
2020-06-12 CVE-2020-9648 Cross-site Scripting vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability.
network
low complexity
adobe CWE-79
6.1
2020-06-12 CVE-2020-9647 Cross-site Scripting vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability.
network
low complexity
adobe CWE-79
6.1
2020-06-12 CVE-2020-9645 Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability.
network
low complexity
adobe CWE-918
7.5
2020-06-12 CVE-2020-9644 Cross-site Scripting vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability.
network
low complexity
adobe CWE-79
5.4
2020-06-12 CVE-2020-9643 Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability.
network
low complexity
adobe CWE-918
7.5
2020-01-15 CVE-2019-16469 Expression Language Injection vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability.
network
low complexity
adobe CWE-917
7.5
2020-01-15 CVE-2019-16468 Injection vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability.
network
low complexity
adobe CWE-74
7.5