CVE-2024-41848

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.20 and earlier

Description The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability, which may allow an attacker to execute malicious JavaScript content within the context of a victim's browser if the victim visits a URL referencing a vulnerable page. This is due to insufficient protection of the web page structure. The vulnerability can be exploited by a remote attacker to conduct cross-site scripting attacks.

Recommendations For Adobe Experience Manager versions 6.5.20 and earlier, update to a version later than 6.5.20 to resolve the issue. As a temporary workaround, consider restricting access to vulnerable pages until a patch is available. Avoid using URLs that reference vulnerable pages in Adobe Experience Manager until the issue is resolved. At the moment, there is no information about additional mitigation measures.