← voltar
CVE-2022-28820

Adobe Consulting Services Reflected Cross-Site Scripting Arbitrary Code Execution

CVSS 6.1 MEDIUMEPSS 1.0%CWE-79
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.1EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 abr 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. The exploitation of this issue requires user interaction in order to be successful.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N