Multiple vulnerabilities in Adobe Experience Manager
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 185 |
| CVE-ID | CVE-2023-48567 CVE-2023-48559 CVE-2023-48560 CVE-2023-48561 CVE-2023-48562 CVE-2023-48563 CVE-2023-48564 CVE-2023-48565 CVE-2023-48566 CVE-2023-48568 CVE-2023-48557 CVE-2023-48569 CVE-2023-48570 CVE-2023-48571 CVE-2023-48572 CVE-2023-48573 CVE-2023-48574 CVE-2023-48575 CVE-2023-48576 CVE-2023-48577 CVE-2023-48558 CVE-2023-48556 CVE-2023-48579 CVE-2023-48544 CVE-2023-48535 CVE-2023-48536 CVE-2023-48537 CVE-2023-48538 CVE-2023-48539 CVE-2023-48540 CVE-2023-48541 CVE-2023-48542 CVE-2023-48543 CVE-2023-48545 CVE-2023-48555 CVE-2023-48546 CVE-2023-48547 CVE-2023-48548 CVE-2023-48549 CVE-2023-48550 CVE-2023-48551 CVE-2023-48552 CVE-2023-48553 CVE-2023-48554 CVE-2023-48578 CVE-2023-48580 CVE-2023-48533 CVE-2023-48614 CVE-2023-48606 CVE-2023-48607 CVE-2023-48608 CVE-2023-48609 CVE-2023-48610 CVE-2023-48611 CVE-2023-48612 CVE-2023-48613 CVE-2023-48615 CVE-2023-48604 CVE-2023-48616 CVE-2023-48617 CVE-2023-48618 CVE-2023-48619 CVE-2023-48620 CVE-2023-48621 CVE-2023-48622 CVE-2023-48623 CVE-2023-48624 CVE-2023-48605 CVE-2023-48603 CVE-2023-48581 CVE-2023-48591 CVE-2023-48582 CVE-2023-48583 CVE-2023-48584 CVE-2023-48585 CVE-2023-48586 CVE-2023-48587 CVE-2023-48588 CVE-2023-48589 CVE-2023-48590 CVE-2023-48592 CVE-2023-48602 CVE-2023-48593 CVE-2023-48594 CVE-2023-48595 CVE-2023-48596 CVE-2023-48597 CVE-2023-48598 CVE-2023-48599 CVE-2023-48600 CVE-2023-48601 CVE-2023-48534 CVE-2023-48532 CVE-2023-48440 CVE-2023-48473 CVE-2023-48465 CVE-2023-48466 CVE-2023-48467 CVE-2023-48468 CVE-2023-48469 CVE-2023-48470 CVE-2023-48471 CVE-2023-48472 CVE-2023-48474 CVE-2023-48463 CVE-2023-48475 CVE-2023-48476 CVE-2023-48477 CVE-2023-48478 CVE-2023-48479 CVE-2023-48480 CVE-2023-48481 CVE-2023-48482 CVE-2023-48483 CVE-2023-48464 CVE-2023-48462 CVE-2023-48485 CVE-2023-48450 CVE-2023-48441 CVE-2023-48442 CVE-2023-48443 CVE-2023-48444 CVE-2023-48445 CVE-2023-48446 CVE-2023-48447 CVE-2023-48448 CVE-2023-48449 CVE-2023-48451 CVE-2023-48461 CVE-2023-48452 CVE-2023-48453 CVE-2023-48454 CVE-2023-48455 CVE-2023-48456 CVE-2023-48457 CVE-2023-48458 CVE-2023-48459 CVE-2023-48460 CVE-2023-48484 CVE-2023-48486 CVE-2023-48531 CVE-2023-48520 CVE-2023-48512 CVE-2023-48513 CVE-2023-48514 CVE-2023-48515 CVE-2023-48516 CVE-2023-48517 CVE-2023-48518 CVE-2023-48519 CVE-2023-48521 CVE-2023-48510 CVE-2023-48522 CVE-2023-48523 CVE-2023-48524 CVE-2023-48525 CVE-2023-48526 CVE-2023-48527 CVE-2023-48528 CVE-2023-48529 CVE-2023-48530 CVE-2023-48511 CVE-2023-48509 CVE-2023-48487 CVE-2023-48497 CVE-2023-48488 CVE-2023-48489 CVE-2023-48490 CVE-2023-48491 CVE-2023-48492 CVE-2023-48493 CVE-2023-48494 CVE-2023-48495 CVE-2023-48496 CVE-2023-48498 CVE-2023-48508 CVE-2023-48499 CVE-2023-48500 CVE-2023-48501 CVE-2023-48502 CVE-2023-48503 CVE-2023-48504 CVE-2023-48505 CVE-2023-48506 CVE-2023-48507 |
| CWE-ID | CWE-79 CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Adobe Experience Manager Client/Desktop applications / Office applications |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 185 vulnerabilities.
1) Stored cross-site scripting
EUVDB-ID: #VU84286
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48567
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stored cross-site scripting
EUVDB-ID: #VU84278
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48559
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stored cross-site scripting
EUVDB-ID: #VU84279
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48560
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stored cross-site scripting
EUVDB-ID: #VU84280
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48561
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stored cross-site scripting
EUVDB-ID: #VU84281
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48562
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Stored cross-site scripting
EUVDB-ID: #VU84282
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48563
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Stored cross-site scripting
EUVDB-ID: #VU84283
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48564
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Stored cross-site scripting
EUVDB-ID: #VU84284
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48565
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Stored cross-site scripting
EUVDB-ID: #VU84285
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48566
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Stored cross-site scripting
EUVDB-ID: #VU84287
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48568
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Stored cross-site scripting
EUVDB-ID: #VU84276
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48557
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Stored cross-site scripting
EUVDB-ID: #VU84288
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48569
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Stored cross-site scripting
EUVDB-ID: #VU84289
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48570
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Stored cross-site scripting
EUVDB-ID: #VU84290
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48571
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Stored cross-site scripting
EUVDB-ID: #VU84291
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48572
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Stored cross-site scripting
EUVDB-ID: #VU84292
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48573
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Stored cross-site scripting
EUVDB-ID: #VU84293
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48574
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Stored cross-site scripting
EUVDB-ID: #VU84294
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48575
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Stored cross-site scripting
EUVDB-ID: #VU84295
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48576
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Stored cross-site scripting
EUVDB-ID: #VU84296
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48577
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Stored cross-site scripting
EUVDB-ID: #VU84277
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48558
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Stored cross-site scripting
EUVDB-ID: #VU84275
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48556
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Stored cross-site scripting
EUVDB-ID: #VU84298
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48579
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Stored cross-site scripting
EUVDB-ID: #VU84263
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48544
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Stored cross-site scripting
EUVDB-ID: #VU84254
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48535
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Stored cross-site scripting
EUVDB-ID: #VU84255
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48536
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Stored cross-site scripting
EUVDB-ID: #VU84256
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48537
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Stored cross-site scripting
EUVDB-ID: #VU84257
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48538
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Stored cross-site scripting
EUVDB-ID: #VU84258
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48539
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Stored cross-site scripting
EUVDB-ID: #VU84259
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48540
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Stored cross-site scripting
EUVDB-ID: #VU84260
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48541
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Stored cross-site scripting
EUVDB-ID: #VU84261
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48542
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Stored cross-site scripting
EUVDB-ID: #VU84262
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48543
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Stored cross-site scripting
EUVDB-ID: #VU84264
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48545
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Stored cross-site scripting
EUVDB-ID: #VU84274
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48555
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Stored cross-site scripting
EUVDB-ID: #VU84265
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48546
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Stored cross-site scripting
EUVDB-ID: #VU84266
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48547
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Stored cross-site scripting
EUVDB-ID: #VU84267
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48548
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Stored cross-site scripting
EUVDB-ID: #VU84268
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48549
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Stored cross-site scripting
EUVDB-ID: #VU84269
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48550
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Stored cross-site scripting
EUVDB-ID: #VU84270
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48551
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Stored cross-site scripting
EUVDB-ID: #VU84271
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48552
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Stored cross-site scripting
EUVDB-ID: #VU84272
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48553
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Stored cross-site scripting
EUVDB-ID: #VU84273
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48554
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Stored cross-site scripting
EUVDB-ID: #VU84297
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48578
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Stored cross-site scripting
EUVDB-ID: #VU84299
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48580
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Stored cross-site scripting
EUVDB-ID: #VU84252
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48533
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Stored cross-site scripting
EUVDB-ID: #VU84333
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48614
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Stored cross-site scripting
EUVDB-ID: #VU84325
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48606
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Stored cross-site scripting
EUVDB-ID: #VU84326
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48607
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Stored cross-site scripting
EUVDB-ID: #VU84327
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48608
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Stored cross-site scripting
EUVDB-ID: #VU84328
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48609
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Stored cross-site scripting
EUVDB-ID: #VU84329
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48610
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Stored cross-site scripting
EUVDB-ID: #VU84330
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48611
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Stored cross-site scripting
EUVDB-ID: #VU84331
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48612
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Stored cross-site scripting
EUVDB-ID: #VU84332
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48613
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Stored cross-site scripting
EUVDB-ID: #VU84334
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48615
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Stored cross-site scripting
EUVDB-ID: #VU84323
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48604
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Stored cross-site scripting
EUVDB-ID: #VU84335
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48616
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Stored cross-site scripting
EUVDB-ID: #VU84336
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48617
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Stored cross-site scripting
EUVDB-ID: #VU84337
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48618
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Stored cross-site scripting
EUVDB-ID: #VU84338
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48619
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Stored cross-site scripting
EUVDB-ID: #VU84339
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48620
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Stored cross-site scripting
EUVDB-ID: #VU84340
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48621
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Stored cross-site scripting
EUVDB-ID: #VU84341
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48622
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Stored cross-site scripting
EUVDB-ID: #VU84342
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48623
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Stored cross-site scripting
EUVDB-ID: #VU84343
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48624
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Stored cross-site scripting
EUVDB-ID: #VU84324
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48605
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Stored cross-site scripting
EUVDB-ID: #VU84322
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48603
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Stored cross-site scripting
EUVDB-ID: #VU84300
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48581
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Stored cross-site scripting
EUVDB-ID: #VU84310
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48591
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Stored cross-site scripting
EUVDB-ID: #VU84301
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48582
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Stored cross-site scripting
EUVDB-ID: #VU84302
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48583
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Stored cross-site scripting
EUVDB-ID: #VU84303
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48584
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Stored cross-site scripting
EUVDB-ID: #VU84304
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48585
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Stored cross-site scripting
EUVDB-ID: #VU84305
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48586
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Stored cross-site scripting
EUVDB-ID: #VU84306
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48587
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Stored cross-site scripting
EUVDB-ID: #VU84307
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48588
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Stored cross-site scripting
EUVDB-ID: #VU84308
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48589
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Stored cross-site scripting
EUVDB-ID: #VU84309
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48590
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Stored cross-site scripting
EUVDB-ID: #VU84311
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48592
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Stored cross-site scripting
EUVDB-ID: #VU84321
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48602
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Stored cross-site scripting
EUVDB-ID: #VU84312
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48593
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Stored cross-site scripting
EUVDB-ID: #VU84313
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48594
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Stored cross-site scripting
EUVDB-ID: #VU84314
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48595
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Stored cross-site scripting
EUVDB-ID: #VU84315
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48596
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Stored cross-site scripting
EUVDB-ID: #VU84316
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48597
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Stored cross-site scripting
EUVDB-ID: #VU84317
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48598
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Stored cross-site scripting
EUVDB-ID: #VU84318
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48599
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Stored cross-site scripting
EUVDB-ID: #VU84319
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48600
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Stored cross-site scripting
EUVDB-ID: #VU84320
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48601
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Stored cross-site scripting
EUVDB-ID: #VU84253
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48534
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Stored cross-site scripting
EUVDB-ID: #VU84251
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48532
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Stored cross-site scripting
EUVDB-ID: #VU84160
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48440
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Stored cross-site scripting
EUVDB-ID: #VU84192
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48473
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Stored cross-site scripting
EUVDB-ID: #VU84184
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48465
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Stored cross-site scripting
EUVDB-ID: #VU84185
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48466
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Stored cross-site scripting
EUVDB-ID: #VU84186
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48467
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Stored cross-site scripting
EUVDB-ID: #VU84187
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48468
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Stored cross-site scripting
EUVDB-ID: #VU84188
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48469
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Stored cross-site scripting
EUVDB-ID: #VU84189
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48470
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Stored cross-site scripting
EUVDB-ID: #VU84190
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48471
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Stored cross-site scripting
EUVDB-ID: #VU84191
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48472
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Stored cross-site scripting
EUVDB-ID: #VU84193
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48474
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Stored cross-site scripting
EUVDB-ID: #VU84182
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48463
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Stored cross-site scripting
EUVDB-ID: #VU84194
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48475
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Stored cross-site scripting
EUVDB-ID: #VU84195
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48476
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Stored cross-site scripting
EUVDB-ID: #VU84196
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48477
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Stored cross-site scripting
EUVDB-ID: #VU84197
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48478
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Stored cross-site scripting
EUVDB-ID: #VU84198
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48479
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Stored cross-site scripting
EUVDB-ID: #VU84199
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48480
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Stored cross-site scripting
EUVDB-ID: #VU84200
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48481
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Stored cross-site scripting
EUVDB-ID: #VU84201
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48482
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Stored cross-site scripting
EUVDB-ID: #VU84202
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48483
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Stored cross-site scripting
EUVDB-ID: #VU84183
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48464
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Stored cross-site scripting
EUVDB-ID: #VU84181
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48462
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Stored cross-site scripting
EUVDB-ID: #VU84204
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48485
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Stored cross-site scripting
EUVDB-ID: #VU84169
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48450
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Improper access control
EUVDB-ID: #VU84159
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48441
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Stored cross-site scripting
EUVDB-ID: #VU84161
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48442
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Stored cross-site scripting
EUVDB-ID: #VU84162
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48443
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Stored cross-site scripting
EUVDB-ID: #VU84163
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48444
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Stored cross-site scripting
EUVDB-ID: #VU84164
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48445
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Stored cross-site scripting
EUVDB-ID: #VU84165
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48446
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Stored cross-site scripting
EUVDB-ID: #VU84166
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48447
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Stored cross-site scripting
EUVDB-ID: #VU84167
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48448
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Stored cross-site scripting
EUVDB-ID: #VU84168
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48449
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Stored cross-site scripting
EUVDB-ID: #VU84170
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48451
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Stored cross-site scripting
EUVDB-ID: #VU84180
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48461
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Stored cross-site scripting
EUVDB-ID: #VU84171
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48452
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Stored cross-site scripting
EUVDB-ID: #VU84172
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48453
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Stored cross-site scripting
EUVDB-ID: #VU84173
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48454
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Stored cross-site scripting
EUVDB-ID: #VU84174
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48455
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Stored cross-site scripting
EUVDB-ID: #VU84175
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48456
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Stored cross-site scripting
EUVDB-ID: #VU84176
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48457
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Stored cross-site scripting
EUVDB-ID: #VU84177
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48458
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Stored cross-site scripting
EUVDB-ID: #VU84178
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48459
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Stored cross-site scripting
EUVDB-ID: #VU84179
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48460
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Stored cross-site scripting
EUVDB-ID: #VU84203
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48484
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Stored cross-site scripting
EUVDB-ID: #VU84205
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48486
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Stored cross-site scripting
EUVDB-ID: #VU84250
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48531
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Stored cross-site scripting
EUVDB-ID: #VU84239
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48520
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Stored cross-site scripting
EUVDB-ID: #VU84231
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48512
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Stored cross-site scripting
EUVDB-ID: #VU84232
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48513
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Stored cross-site scripting
EUVDB-ID: #VU84233
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48514
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Stored cross-site scripting
EUVDB-ID: #VU84234
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48515
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Stored cross-site scripting
EUVDB-ID: #VU84235
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48516
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Stored cross-site scripting
EUVDB-ID: #VU84236
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48517
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Stored cross-site scripting
EUVDB-ID: #VU84237
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48518
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Stored cross-site scripting
EUVDB-ID: #VU84238
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48519
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Stored cross-site scripting
EUVDB-ID: #VU84240
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48521
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Stored cross-site scripting
EUVDB-ID: #VU84229
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48510
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Stored cross-site scripting
EUVDB-ID: #VU84241
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48522
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Stored cross-site scripting
EUVDB-ID: #VU84242
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48523
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Stored cross-site scripting
EUVDB-ID: #VU84243
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48524
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Stored cross-site scripting
EUVDB-ID: #VU84244
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48525
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Stored cross-site scripting
EUVDB-ID: #VU84245
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48526
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Stored cross-site scripting
EUVDB-ID: #VU84246
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48527
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Stored cross-site scripting
EUVDB-ID: #VU84247
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48528
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Stored cross-site scripting
EUVDB-ID: #VU84248
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48529
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Stored cross-site scripting
EUVDB-ID: #VU84249
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48530
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Stored cross-site scripting
EUVDB-ID: #VU84230
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48511
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Stored cross-site scripting
EUVDB-ID: #VU84228
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48509
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Stored cross-site scripting
EUVDB-ID: #VU84206
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48487
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Stored cross-site scripting
EUVDB-ID: #VU84216
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48497
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Stored cross-site scripting
EUVDB-ID: #VU84207
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48488
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Stored cross-site scripting
EUVDB-ID: #VU84208
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48489
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Stored cross-site scripting
EUVDB-ID: #VU84209
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48490
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Stored cross-site scripting
EUVDB-ID: #VU84210
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48491
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Stored cross-site scripting
EUVDB-ID: #VU84211
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48492
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Stored cross-site scripting
EUVDB-ID: #VU84212
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48493
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Stored cross-site scripting
EUVDB-ID: #VU84213
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48494
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Stored cross-site scripting
EUVDB-ID: #VU84214
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48495
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Stored cross-site scripting
EUVDB-ID: #VU84215
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48496
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Stored cross-site scripting
EUVDB-ID: #VU84217
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48498
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Stored cross-site scripting
EUVDB-ID: #VU84227
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48508
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Stored cross-site scripting
EUVDB-ID: #VU84218
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48499
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Stored cross-site scripting
EUVDB-ID: #VU84219
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48500
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Stored cross-site scripting
EUVDB-ID: #VU84220
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48501
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Stored cross-site scripting
EUVDB-ID: #VU84221
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48502
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Stored cross-site scripting
EUVDB-ID: #VU84222
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48503
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Stored cross-site scripting
EUVDB-ID: #VU84223
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48504
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Stored cross-site scripting
EUVDB-ID: #VU84224
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48505
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Stored cross-site scripting
EUVDB-ID: #VU84225
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48506
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Stored cross-site scripting
EUVDB-ID: #VU84226
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-48507
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Experience Manager: 6.0 HOTFIX 25133 - 6.5.18.0
CPE2.3- cpe:2.3:a:adobe:adobe_experience_manager:6.0 HOTFIX 25133:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.0:*:*:*:*:*:*:
- cpe:2.3:a:adobe:adobe_experience_manager:6.1-SP2-CFP17:*:*:*:*:*:*:
http://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
