CVE-2024-53965

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.21 and earlier

Description A DOM-based Cross-Site Scripting (XSS) issue affects Adobe Experience Manager, allowing a low-privileged attacker to execute arbitrary code in the context of the victim's browser session. This is achieved by manipulating a DOM element through a crafted URL or user input, enabling the injection of malicious scripts that run when the page is rendered. The attack requires user interaction, such as accessing a manipulated link or inputting data into a vulnerable page.

Recommendations For Adobe Experience Manager versions 6.5.21 and earlier, update to a version later than 6.5.21 to resolve the issue. As a temporary workaround, consider restricting access to vulnerable pages and avoiding the use of crafted URLs or user input that could manipulate DOM elements until a patch is available.