CVE-2020-9743

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.5.0 and earlier Adobe Experience Manager versions 6.4.8.1 and earlier Adobe Experience Manager versions 6.3.3.8 and earlier Adobe Experience Manager versions 6.2 SP1-CFP20 and earlier

Description The issue is related to an HTML injection vulnerability in the content editor component. This vulnerability allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value, which could be used to lure victims into performing unsafe actions, such as phishing. The vulnerability is associated with insufficient protection of the web page structure, allowing a remote attacker to execute arbitrary HTML code in the user's browser.

Recommendations For Adobe Experience Manager versions 6.5.5.0 and earlier, update to a version above 6.5.5.0 to resolve the issue. For Adobe Experience Manager versions 6.4.8.1 and earlier, update to a version above 6.4.8.1 to resolve the issue. For Adobe Experience Manager versions 6.3.3.8 and earlier, update to a version above 6.3.3.8 to resolve the issue. For Adobe Experience Manager versions 6.2 SP1-CFP20 and earlier, update to a version above 6.2 SP1-CFP20 to resolve the issue.