Description
Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access.
Remediation
References
https://github.com/adobe/aem-core-wcm-components/security/advisories/GHSA-qcgc-6q86-7x2p
Related Vulnerabilities
CVE-2021-21120 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-26275 Vulnerability in npm package eslint-fixer
CVE-2019-0195 Vulnerability in maven package org.apache.tapestry:tapestry-core
CVE-2016-10525 Vulnerability in npm package hapi-auth-jwt2
CVE-2015-8860 Vulnerability in maven package org.webjars:tar