CVE-2020-9741

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.5.0 and below Adobe Experience Manager versions 6.4.8.2 and below

Description The issue is related to a stored XSS vulnerability in the AEM forms add-on, allowing users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts can be executed in a victim's browser when they open the page containing the vulnerable field. The vulnerability is also described as being related to insufficient protection of the web page structure, which can allow a remote attacker to execute arbitrary JavaScript code in a user's browser using a specially crafted web page.

Recommendations For versions 6.5.5.0 and below, consider restricting access to the Forms component to prevent exploitation until a fix is available. For versions 6.4.8.2 and below, consider disabling the ability for 'Author' privileged users to input data into fields associated with the Forms component as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.