Adobe Experience Manager CVE-2017-3109 Cross Site Scripting Vulnerability

Adobe Experience Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Information

Bugtraq ID: 101834
Class: Input Validation Error
CVE: CVE-2017-3109

Remote: Yes
Local: No
Published: Nov 14 2017 12:00AM
Updated: Nov 15 2017 12:07AM
Credit: Nagamarimuthu of Cognizant Technology Solutions - Enterprise Risk & Security Solutions.
Vulnerable: Adobe Experience Manager 6.1
Adobe Experience Manager 6.0
Adobe Experience Manager 6.3
Adobe Experience Manager 6.2

Not Vulnerable:

Exploit

To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.

References:

• Adobe Experience Manager Homepage (Adobe)
  
• Security updates available for Adobe Experience Manager | APSB17-41 (Adobe)
  

Source: www.securityfocus.com