CVE-2021-21043 MEDIUM

CVE-2021-21043: Reflected Cross-site Scripting (XSS) on version-compare and page-compare tools

Vendor: Adobe
Product: Experience Manager
Weakness: CWE-79 · XSS
Published: February 2, 2021
Last update: September 17, 2024

CVSS base score

6.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.

Key dates

02 Disclosure timeline

February 2, 2021: CVE published
September 17, 2024: Record updated
