CVE-2021-44178 MEDIUM

CVE-2021-44178: Adobe Experience Manager Reflected XSS in /bin/wcm/contentfinder/page/view.html

Vendor Adobe
Product Experience Manager
Weakness CWE-79 · XSS
Published January 13, 2022
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser

Key dates

02Disclosure timeline

January 13, 2022 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-1239 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Blocked Sites List CVE-2023-30752 WordPress External Videos Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) CVE-2023-1372 WH Testimonials <= 3.0.0 - Unauthenticated Stored Cross-Site Scripting CVE-2024-27991 WordPress SupportCandy plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability CVE-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content