CVE-2020-9732 CRITICAL

CVE-2020-9732: Stored XSS in AEM Sites Components

Vendor Adobe
Product Experience Manager
Weakness CWE-79 · XSS
Published September 10, 2020
Last update September 17, 2024
View on NVD All CVEs

CVSS base score

9.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.

Key dates

02Disclosure timeline

September 10, 2020 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2020-25158 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus CVE-2023-1716 Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page (2 of 2) CVE-2026-27243 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) CVE-2025-4611 Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode CVE-2025-15203 SohuTV CacheCloud ResourceController.java index cross site scripting