CVE-2024-43735 MEDIUM

CVE-2024-43735: Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Vendor Adobe

Product Adobe Experience Manager

Weakness CWE-79 · XSS

Published December 10, 2024

Last update December 11, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

December 10, 2024 CVE published

December 11, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-43735 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-22345 WordPress TS Comfort DB plugin <= 2.0.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-20385 Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise CVE-2026-25802 New API has Potential XSS in its MarkdownRenderer component CVE-2023-50824 WordPress Insert or Embed Articulate Content into WordPress Plugin <= 4.3000000021 is vulnerable to Cross Site Scripting (XSS) CVE-2022-43952