Adobe Experience Manager CVE-2019-7955 Cross Site Scripting Vulnerability

Adobe Experience Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Adobe Experience Manager 6.1, 6.2, 6.3, 6.4 and 6.5 are vulnerable.

Information

Bugtraq ID: 109079
Class: Input Validation Error
CVE: CVE-2019-7955

Remote: Yes
Local: No
Published: Jul 09 2019 12:00AM
Updated: Jul 09 2019 12:00AM
Credit: Lorenzo Pirondini
Vulnerable: Adobe Experience Manager 6.3.3
Adobe Experience Manager 6.5
Adobe Experience Manager 6.4
Adobe Experience Manager 6.3
Adobe Experience Manager 6.2

Not Vulnerable: Adobe Experience Manager 6.5.1.0
Adobe Experience Manager 6.4.5.0
Adobe Experience Manager 6.3.3.5

Exploit

To exploit this issue, the attacker needs to entice a user into following a malicious URI.

References:

• Adobe Homepage (Adobe)
  
• Security updates available for Adobe Experience Manager | APSB19-38 (Adobe)
  

Source: www.securityfocus.com