漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
HTML injection in AEM's content editor component
Vulnerability Description
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Adobe Experience Manager Forms 跨站脚本漏洞
Vulnerability Description
Adobe Experience Manager Forms是美国奥多比(Adobe)公司的一套用于表单内容管理的解决方案。该产品包括表单创作、管理、发布以及通信管理、文档安全性和集成分析等功能。 Adobe Experience Manager (AEM)和AEM Forms存在跨站脚本漏洞。攻击者利用这些漏洞会导致在浏览器中执行任意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A