Description
Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access.
Remediation
References
https://github.com/adobe/aem-core-wcm-components/security/advisories/GHSA-qcgc-6q86-7x2p
Related Vulnerabilities
CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-client
CVE-2019-19771 Vulnerability in npm package bictore-lib
CVE-2018-1000616 Vulnerability in maven package org.onosproject:onos-cli
CVE-2014-10067 Vulnerability in npm package paypal-ipn
CVE-2022-26112 Vulnerability in maven package org.apache.pinot:pinot-spi