CVE-2020-9732

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.5.0 and below Adobe Experience Manager versions 6.4.8.2 and below

Description The issue is related to a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. The vulnerability is also described as being related to insufficient protection of the web page structure, which may allow a remote attacker to execute arbitrary JavaScript code in a user's browser.

Recommendations For versions 6.5.5.0 and below, consider restricting access to the Sites component to minimize the risk of exploitation until a patch is available. For versions 6.4.8.2 and below, consider disabling the ability for 'Author' privileged users to store scripts in fields associated with the Sites component as a temporary workaround.