CVE-2022-35697

MEDIUM

Adobe Experience Manager Core Components <2.20.6 - XSS

Title source: llm
STIX 2.1

Description

Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access.

References (1)

Core 1

Scores

CVSS v3 5.4
EPSS 0.0060
EPSS Percentile 44.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
adobe/web_content_management_core_components < 2.20.6
com.adobe.cq/core.wcm.components.core 0 - 2.20.8Maven
Published Aug 10, 2022
Tracked Since Feb 18, 2026