CVE-2024-36206

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier

Description: The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. It can be exploited if an attacker convinces a victim to visit a URL referencing a vulnerable page, potentially leading to the execution of malicious JavaScript content within the victim's browser context. The vulnerability is also described as being related to the lack of protection of the web page structure, which could allow a remote attacker to conduct a cross-site scripting attack.

Recommendations: For Adobe Experience Manager versions 6.5.20 and earlier, update to a version later than 6.5.20 to resolve the issue. As a temporary workaround, consider restricting access to vulnerable pages until a patch is available. Avoid using URLs that reference vulnerable pages in Adobe Experience Manager until the issue is resolved.