CVE-2024-26090

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier

Description: The issue is related to insufficient protection of the web page structure, allowing for a DOM-based Cross-Site Scripting (XSS) attack. This could enable an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation requires user interaction, such as convincing a victim to click on a specially crafted link.

Recommendations: For Adobe Experience Manager versions 6.5.20 and earlier, update to a version later than 6.5.20 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.