ID

VAR-201602-0317


CVE

CVE-2016-0955


TITLE

Adobe Experience Manager vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-001448

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. Adobe Experience Manager (AEM) is a set of content management solutions from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. The following versions are affected by the cross-site scripting vulnerability: AEM 5.6.1, 6.0.0 and 6.1.0.

Trust: 1.8

sources: NVD: CVE-2016-0955 // JVNDB: JVNDB-2016-001448 // VULHUB: VHN-88465 // VULMON: CVE-2016-0955

AFFECTED PRODUCTS

vendor: adobe, model: experience manager, scope: eq, version: 6.1.0

Trust: 1.6

vendor: adobe, model: experience manager, scope: eq, version: 5.6.1 (windows/unix/linux/os x)

Trust: 0.8

vendor: adobe, model: experience manager, scope: eq, version: 6.0.0 (windows/unix/linux/os x)

Trust: 0.8

vendor: adobe, model: experience manager, scope: eq, version: 6.1.0 (windows/unix/linux/os x)

Trust: 0.8

sources: JVNDB: JVNDB-2016-001448 // CNNVD: CNNVD-201602-218 // NVD: CVE-2016-0955

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0955
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-0955
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-218
value: MEDIUM

Trust: 0.6

VULHUB: VHN-88465
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-0955
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-0955
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-88465
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0955
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-88465 // VULMON: CVE-2016-0955 // JVNDB: JVNDB-2016-001448 // CNNVD: CNNVD-201602-218 // NVD: CVE-2016-0955

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-88465 // JVNDB: JVNDB-2016-001448 // NVD: CVE-2016-0955

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-218

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201602-218

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001448

PATCH

title: APSB16-05, url: http://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

Trust: 0.8

title: APSB16-05, url: http://helpx.adobe.com/jp/security/products/experience-manager/apsb16-05.html

Trust: 0.8

title: Adobe Experience Manager Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60160

Trust: 0.6

title: CVE-Study, url: https://github.com/thdusdl1219/CVE-Study

Trust: 0.1

sources: VULMON: CVE-2016-0955 // JVNDB: JVNDB-2016-001448 // CNNVD: CNNVD-201602-218

EXTERNAL IDS

db: NVD, id: CVE-2016-0955

Trust: 2.6

db: JVNDB, id: JVNDB-2016-001448

Trust: 0.8

db: CNNVD, id: CNNVD-201602-218

Trust: 0.7

db: VULHUB, id: VHN-88465

Trust: 0.1

db: BID, id: 83117

Trust: 0.1

db: VULMON, id: CVE-2016-0955

Trust: 0.1

sources: VULHUB: VHN-88465 // VULMON: CVE-2016-0955 // JVNDB: JVNDB-2016-001448 // CNNVD: CNNVD-201602-218 // NVD: CVE-2016-0955

REFERENCES

url: https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

Trust: 1.8

url: http://www.csnc.ch/misc/files/advisories/cve-2016-0955_aem-xss.txt

Trust: 1.2

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0955

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0955

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.securityfocus.com/bid/83117

Trust: 0.1

url: https://github.com/thdusdl1219/cve-study

Trust: 0.1

sources: VULHUB: VHN-88465 // VULMON: CVE-2016-0955 // JVNDB: JVNDB-2016-001448 // CNNVD: CNNVD-201602-218 // NVD: CVE-2016-0955

SOURCES

db: VULHUB, id: VHN-88465
db: VULMON, id: CVE-2016-0955
db: JVNDB, id: JVNDB-2016-001448
db: CNNVD, id: CNNVD-201602-218
db: NVD, id: CVE-2016-0955

LAST UPDATE DATE

2024-08-14T14:13:50.777000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-88465, date: 2016-03-23T00:00:00
db: VULMON, id: CVE-2016-0955, date: 2016-03-23T00:00:00
db: JVNDB, id: JVNDB-2016-001448, date: 2016-02-19T00:00:00
db: CNNVD, id: CNNVD-201602-218, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-0955, date: 2016-03-23T00:57:59.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-88465, date: 2016-02-10T00:00:00
db: VULMON, id: CVE-2016-0955, date: 2016-02-10T00:00:00
db: JVNDB, id: JVNDB-2016-001448, date: 2016-02-19T00:00:00
db: CNNVD, id: CNNVD-201602-218, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-0955, date: 2016-02-10T20:59:07.670