April 23, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
DollyWay Malware Campaign Breached 20,000 WordPress Sites – Active IOCs
March 20, 2025Multiple Apple Products Vulnerabilities
March 20, 2025DollyWay Malware Campaign Breached 20,000 WordPress Sites – Active IOCs
March 20, 2025Multiple Apple Products Vulnerabilities
March 20, 2025
Severity
Medium
Analysis Summary
CVE-2024-53967 CVSS:5.4
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.
CVE-2024-53968 CVSS:5.4
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.
CVE-2024-53969 CVSS:5.4
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.
CVE-2024-53970 CVSS:5.4
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Impact
- Code Execution
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2024-53967
CVE-2024-53968
CVE-2024-53969
CVE-2024-53970
Affected Vendors
- Adobe
Affected Products
- Adobe Experience Manager 6.5.21
Remediation
Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.
