ID
VAR-201602-0317
CVE
CVE-2016-0955
TITLE
Adobe Experience Manager Vulnerable to cross-site scripting
Trust: 0.8
DESCRIPTION
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. Adobe Experience Manager (AEM) is a set of content management solutions from Adobe (Adobe) that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A cross-site scripting vulnerability exists in AEM. The following versions are affected: AEM version 5.6.1, version 6.0.0, version 6.1.0
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | adobe | model: | experience manager | scope: | eq | version: | 6.1.0 | Trust: 1.6 |
| vendor: | adobe | model: | experience manager | scope: | eq | version: | 5.6.1 (windows/unix/linux/os x) | Trust: 0.8 |
| vendor: | adobe | model: | experience manager | scope: | eq | version: | 6.0.0 (windows/unix/linux/os x) | Trust: 0.8 |
| vendor: | adobe | model: | experience manager | scope: | eq | version: | 6.1.0 (windows/unix/linux/os x) | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | APSB16-05 | url: | http://helpx.adobe.com/security/products/experience-manager/apsb16-05.html | Trust: 0.8 |
| title: | APSB16-05 | url: | http://helpx.adobe.com/jp/security/products/experience-manager/apsb16-05.html | Trust: 0.8 |
| title: | Adobe Experience Manager Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60160 | Trust: 0.6 |
| title: | CVE-Study | url: | https://github.com/thdusdl1219/CVE-Study | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-0955 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2016-001448 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201602-218 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-88465 | Trust: 0.1 |
| db: | BID | id: | 83117 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2016-0955 | Trust: 0.1 |
REFERENCES
| url: | https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html | Trust: 1.8 |
| url: | http://www.csnc.ch/misc/files/advisories/cve-2016-0955_aem-xss.txt | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0955 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0955 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/79.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://www.securityfocus.com/bid/83117 | Trust: 0.1 |
| url: | https://github.com/thdusdl1219/cve-study | Trust: 0.1 |
SOURCES
| db: | VULHUB | id: | VHN-88465 |
| db: | VULMON | id: | CVE-2016-0955 |
| db: | JVNDB | id: | JVNDB-2016-001448 |
| db: | CNNVD | id: | CNNVD-201602-218 |
| db: | NVD | id: | CVE-2016-0955 |
LAST UPDATE DATE
2024-08-14T14:13:50.777000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-88465 | date: | 2016-03-23T00:00:00 |
| db: | VULMON | id: | CVE-2016-0955 | date: | 2016-03-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-001448 | date: | 2016-02-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201602-218 | date: | 2016-02-15T00:00:00 |
| db: | NVD | id: | CVE-2016-0955 | date: | 2016-03-23T00:57:59.860 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-88465 | date: | 2016-02-10T00:00:00 |
| db: | VULMON | id: | CVE-2016-0955 | date: | 2016-02-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-001448 | date: | 2016-02-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201602-218 | date: | 2016-02-15T00:00:00 |
| db: | NVD | id: | CVE-2016-0955 | date: | 2016-02-10T20:59:07.670 |