CVE-2024-26103— Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

CVSS 5.4 · Medium EPSS 1.16% · P79 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-26103

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Source: NVD (National Vulnerability Database)

Vulnerability Description

Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Adobe Experience Manager 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Adobe Experience Manager（AEM）是美国奥多比（Adobe）公司的一套可用于构建网站、移动应用程序和表单的内容管理解决方案。该方案支持移动内容管理、营销销售活动管理和多站点管理等。 Adobe Experience Manager 6.5.19 版本及之前版本存在跨站脚本漏洞，该漏洞源于存在反射型跨站点脚本（XSS）漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Adobe	Adobe Experience Manager	0 ~ 6.5.19	-

II. Public POCs for CVE-2024-26103

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-26103

请登录查看更多情报信息。

Same Patch Batch · Adobe · 2024-03-18 · 56 CVEs total

CVE-2024-20745	7.8 HIGH	ZDI-CAN-22671: Adobe Premiere Pro AVI File Parsing Heap-based Buffer Overflow Remote Code
CVE-2024-20746	7.8 HIGH	Adobe Premiere Pro Out-of-bounds Write Arbitrary code execution
CVE-2024-20756	7.8 HIGH	Adobe Bridge 2024 Out of Bound Write Remote Code Execution Vulnerability
CVE-2024-20752	7.8 HIGH	ZDI-CAN-22653: Adobe Bridge PS File Parsing Use-After-Free Remote Code Execution Vulnerabi
CVE-2024-20755	7.8 HIGH	Adobe Bridge PDF Parsing Heap Memory Corruption Remote Code Execution Vulnerability
CVE-2024-20754	7.8 HIGH	Lightroom Desktop \| Untrusted Search Path (CWE-426)
CVE-2024-20761	7.8 HIGH	Adobe Animate 2024 BMP File Parsing Out-Of-Bound Write Remote Code execution Vulnerability
CVE-2024-20767	7.4 HIGH	ColdFusion \| Improper Access Control (CWE-284)
CVE-2024-20764	5.5 MEDIUM	Adobe Animate 2024 SWF File parsing memory corruption
CVE-2024-20762	5.5 MEDIUM	Adobe Animate MP3 File parsing unitialized heap memory corruption
CVE-2024-20757	5.5 MEDIUM	Bridge 2024 TIF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability
CVE-2024-20763	5.5 MEDIUM	Adobe Animate 2024 GIF file parsing memory corruption
CVE-2024-26106	5.4 MEDIUM	Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26059	5.4 MEDIUM	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26031	5.4 MEDIUM	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26096	5.4 MEDIUM	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26101	5.4 MEDIUM	Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26051	5.4 MEDIUM	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26104	5.4 MEDIUM	Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26034	5.4 MEDIUM	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79)

Showing top 20 of 56 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Adobe Experience Manager

Same vendor: Adobe

Same weakness: CWE-79

V. Comments for CVE-2024-26103

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-26103— Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

I. Basic Information for CVE-2024-26103

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-26103

III. Intelligence Information for CVE-2024-26103

Same Patch Batch · Adobe · 2024-03-18 · 56 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-26103

Leave a comment