CVE-2021-21043— Reflected Cross-site Scripting (XSS) on version-compare and page-compare tools

Reflected Cross-site Scripting (XSS) on version-compare and page-compare tools

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Adobe InDesign 跨站脚本漏洞

Adobe InDesign是美国奥多比（Adobe）公司的一套排版编辑应用程序。 Acrobat InDesign version 16.0 (and earlier) 存在跨站脚本漏洞，该漏洞源于没有正确处理无效的JCR字符，攻击者可利用该漏洞将恶意JavaScript内容注入到易受攻击的表单字段中，并在受害者的浏览器上下文中执行它。

N/A

N/A