CVE-2022-28820 Vulnerability Details

  /     /     /  

CVE-2022-28820 Metadata Quick Info

CVE Published: 21/04/2022 | CVE Updated: 17/09/2024 | CVE Year: 2022
Source: adobe | Vendor: Adobe | Product: Experience Manager
Status : PUBLISHED

---

CVE-2022-28820 Description

ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim\'s browser. The exploitation of this issue requires user interaction in order to be successful.

Metrics

CVSS Version: 3.1 | Base Score: 6.1 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: Cross-site Scripting (Reflected XSS) (CWE-79)
Source: Adobe

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).