CVE-2024-41847 MEDIUM

CVE-2024-41847: Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Vendor Adobe

Product Adobe Experience Manager

Weakness CWE-79 · XSS

Published August 23, 2024

Last update October 7, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

August 23, 2024 CVE published

October 7, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-41847

Related vulnerabilities

04Related CVE

CVE-2021-24373 WP Hardening < 1.2.2 - Reflected XSS via historyvalue CVE-2025-23926 WordPress Ajax WP Query Search Filter plugin <= 1.0.7 - Stored Cross Site Scripting (XSS) vulnerability CVE-2020-37235 WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component CVE-2018-25331 Zenar Content Management System Cross-Site Scripting via ajax.php CVE-2025-22714 WordPress MDJM Event Management Plugin <= 1.7.5.6 - Reflected Cross Site Scripting (XSS) vulnerability