CVE-2022-42365 MEDIUM

CVE-2022-42365: AEM Reflected XSS Arbitrary code execution

Vendor Adobe
Product Experience Manager
Weakness CWE-79 · XSS
Published December 21, 2022
Last update April 23, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

December 21, 2022 CVE published
April 23, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2019-19293 CVE-2026-34802 Endian Firewall /cgi-bin/salearn.cgi remark user ham spam Stored Cross-Site Scripting CVE-2024-26096 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2026-30974 Copyparty volflag `nohtml` did not block javascript in svg files CVE-2025-0828 Stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x