CVE-2022-30677

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.13.0 and earlier

Description The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. An attacker can exploit this by convincing a victim to visit a URL referencing a vulnerable page, which may result in the execution of malicious JavaScript content within the victim's browser. This requires low-privilege access to AEM. The vulnerability is also described as related to the lack of protection of the web page structure, allowing a remote attacker to conduct cross-site scripting attacks using a specially crafted link.

Recommendations For Adobe Experience Manager versions 6.5.13.0 and earlier, update to a version that includes a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.