Adobe Experience Manager
98 CVEs affecting Adobe Experience Manager. Latest disclosed: 2023-06-15. Critical: 6, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-40722 | Critical | 9.8 | 2022-01-13 | AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be ab… |
CVE-2020-9734 | Critical | 9.0 | 2020-09-10 | The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privile… |
CVE-2020-9742 | Critical | 9.0 | 2020-09-10 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privil… |
CVE-2020-9741 | Critical | 9.0 | 2020-09-10 | The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privile… |
CVE-2020-9732 | Critical | 9.0 | 2020-09-10 | The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privil… |
CVE-2020-9740 | Critical | 9.0 | 2020-09-10 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows… |
CVE-2021-44176 | High | 8.1 | 2022-01-13 | AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by… |
CVE-2021-44177 | High | 8.1 | 2022-01-13 | AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by… |
CVE-2021-43765 | High | 8.1 | 2022-01-13 | AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by… |
CVE-2021-43764 | High | 8.0 | 2022-01-13 | AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by… |
CVE-2021-43761 | High | 8.0 | 2022-01-13 | AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scriptin… |
CVE-2021-21083 | High | 7.5 | 2021-06-28 | AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control v… |
CVE-2020-9733 | High | 7.5 | 2020-09-10 | An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited… |
CVE-2021-21084 | High | 7.3 | 2021-06-28 | AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scriptin… |
CVE-2020-9736 | Medium | 6.8 | 2020-09-10 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows… |
CVE-2020-9735 | Medium | 6.8 | 2020-09-10 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows… |
CVE-2020-9738 | Medium | 6.8 | 2020-09-10 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows… |
CVE-2020-9737 | Medium | 6.8 | 2020-09-10 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows… |
CVE-2021-43762 | Medium | 6.5 | 2022-01-13 | AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security… |
CVE-2021-40712 | Medium | 6.5 | 2021-09-27 | Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attack… |