Adobe Experience Manager CVE-2018-5005 Cross Site Scripting Vulnerability

Adobe Experience Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Adobe Experience Manager 6.2, 6.3 and 6.4 are vulnerable.

Information

Bugtraq ID: 105073
Class: Input Validation Error
CVE: CVE-2018-5005

Remote: Yes
Local: No
Published: Aug 14 2018 12:00AM
Updated: Aug 14 2018 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Adobe Experience Manager 6.4
Adobe Experience Manager 6.3
Adobe Experience Manager 6.2

Not Vulnerable:

Exploit

To exploit this issue, the attacker needs to entice a user into following a malicious URI.

References:

• Adobe Experience Manager Homepage (Adobe)
  
• APSB18-26: Security updates available for Adobe Experience Manager | APSB18-26 (Adobe)
  

Source: www.securityfocus.com