Vulnerabilities > Adobe > Experience Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-24 | CVE-2021-28626 | Unspecified vulnerability in Adobe Experience Manager Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. | 7.5 |
| 2021-08-24 | CVE-2021-28627 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. | 8.8 |
| 2021-08-24 | CVE-2021-28628 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
| 2021-06-28 | CVE-2021-21083 | Unspecified vulnerability in Adobe Experience Manager AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. | 7.5 |
| 2021-06-28 | CVE-2021-21084 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
| 2020-12-10 | CVE-2020-24445 | Cross-site Scripting vulnerability in Adobe products AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 9.0 |
| 2020-09-10 | CVE-2020-9743 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. | 6.1 |
| 2020-09-10 | CVE-2020-9742 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. | 5.4 |
| 2020-09-10 | CVE-2020-9741 | Cross-site Scripting vulnerability in Adobe Experience Manager The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. | 5.4 |
| 2020-09-10 | CVE-2020-9740 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. | 5.4 |