CVE-2021-44178

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.10.0 and below Adobe Experience Manager's Cloud Service offering

Description The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker convinces a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. The vulnerability is also associated with insufficient protection of the web page structure, which could allow a remote attacker to execute arbitrary code.

Recommendations For Adobe Experience Manager versions 6.5.10.0 and below: update to a version above 6.5.10.0 to resolve the issue. For Adobe Experience Manager's Cloud Service offering: consider disabling the itemResourceType parameter as a temporary workaround until a patch is available. Restrict access to vulnerable pages to minimize the risk of exploitation.