Vladbailescu

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager Core Components versions 2.20.6 and earlier **Description** The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability, which may allow an attacker to execute malicious JavaScript content within the context of a victim's browser. This can happen if the attacker convinces the victim to visit a URL referencing a vulnerable page. Exploitation of this issue requires low author privilege access. The vulnerability is also related to insufficient protection of the web page structure, which may allow a remote attacker to execute arbitrary code. **Recommendations** For versions 2.20.6 and earlier, update to version 2.20.8 to resolve the issue. As a temporary workaround, consider restricting access to the `AdaptiveImageServlet` to minimize the risk of exploitation. Avoid allowing authors to upload specially crafted SVG images that include malicious JavaScript until the issue is resolved.