CVE-2024-52839

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier

Description: A DOM-based Cross-Site Scripting (XSS) issue affects Adobe Experience Manager, allowing an attacker to execute arbitrary code in the context of the victim's browser session. This is achieved by manipulating a DOM element through a crafted URL or user input, enabling the injection of malicious scripts that run when the page is rendered. The attack requires user interaction, such as visiting a malicious link or inputting data into a compromised form.

Recommendations: For Adobe Experience Manager versions 6.5.21 and earlier, update to a version later than 6.5.21 to resolve the issue. As a temporary workaround, consider restricting user input and access to potentially compromised forms until a patch is available. Avoid using crafted URLs that could manipulate DOM elements in Adobe Experience Manager until the issue is resolved.