CVE-2024-52822

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.21 and earlier

Description A DOM-based Cross-Site Scripting (XSS) issue affects Adobe Experience Manager, allowing an attacker to execute arbitrary code in the context of the victim's browser session. This is achieved by manipulating a DOM element through a crafted URL or user input, injecting malicious scripts that run when the page is rendered. The attack requires user interaction, as the victim must access a manipulated URL or page with the malicious script.

Recommendations For Adobe Experience Manager versions 6.5.21 and earlier, update to a version later than 6.5.21 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable DOM elements until a patch is available. Avoid using crafted URLs or user input that could manipulate DOM elements and inject malicious scripts.