Request a Demo
Rewterz
GuLoader Malspam Campaign – Active IOCs
February 7, 2025
Rewterz
Multiple Microsoft Products Vulnerabilities
February 7, 2025

Multiple Adobe Experience Manager Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-53962 CVSS:5.4

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2024-53963 CVSS:5.4

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered.

CVE-2024-53966 CVSS:5.4

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2024-53964 CVSS:5.4

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2024-53965 CVSS:5.4

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered.

Impact

  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2024-53962

  • CVE-2024-53963

  • CVE-2024-53966

  • CVE-2024-53964

  • CVE-2024-53965

Affected Vendors

Adobe

Affected Products

  • Adobe Experience Manager 6.5.21

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

Adobe Security Advisory