CVE-2024-26072

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.20 and earlier

Description The issue is related to a DOM-based Cross-Site Scripting (XSS) vulnerability. This could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that causes the vulnerable script to execute. The vulnerability is associated with insufficient protection of the web page structure.

Recommendations For Adobe Experience Manager versions 6.5.20 and earlier, as a temporary workaround, consider restricting user interaction with potentially vulnerable scripts until a patch is available. Avoid using links or forms that could cause the execution of the vulnerable script. At the moment, there is no information about a newer version that contains a fix for this vulnerability.