Main Vulnerability Database Vulnerabilities #VU1302

#VU1302 Cross-site scripting in Adobe Experience Manager - CVE-2016-7883

Published: December 14, 2016

Vulnerability identifier: #VU1302

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-7883

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Adobe Experience Manager

Software vendor:
Adobe

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by insufficient sanitization of user-supplied input in create launch Wizard functionality. A remote attacker can create a specially crafted web page, trick the victim into visiting this page and execute arbitrary HTML and JavaScript code in victim’s browser in security context of vulnerable website.

Successful exploitation of the vulnerability may allow an attacker to perform phishing and drive-by-download attacks as well as steal victim’s cookies.

Remediation

To resolve the vulnerability, please install the following patch:

Adobe Experience Manager 6.2:
https://www.adobeaemcloud.com/content/marketplace/marketplaceProxy.html?packagePath=/content/compani...

External links

https://helpx.adobe.com/security/products/experience-manager/apsb16-42.html

#VU1302 Cross-site scripting in Adobe Experience Manager - CVE-2016-7883

Description

Remediation

External links

Please verify you're human