Request a Demo
Rewterz
DollyWay Malware Campaign Breached 20,000 WordPress Sites – Active IOCs
March 20, 2025
Rewterz
Multiple Apple Products Vulnerabilities
March 20, 2025

Multiple Adobe Experience Manager Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-53967 CVSS:5.4

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.

CVE-2024-53968 CVSS:5.4

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.

CVE-2024-53969 CVSS:5.4

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.

CVE-2024-53970 CVSS:5.4

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Impact

  • Code Execution
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2024-53967

  • CVE-2024-53968

  • CVE-2024-53969

  • CVE-2024-53970

Affected Vendors

  • Adobe

Affected Products

  • Adobe Experience Manager 6.5.21

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

Adobe Security Advisory