Global infos:

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE Status: Analyzed

References:

[email protected]

Metrics:

Attribute	Value
Attack Complexity	LOW
Attack Vector	NETWORK
Availability Impact	NONE
Base Score	5.4
Base Severity	MEDIUM
Confidentiality Impact	LOW
Integrity Impact	LOW
Privileges Required	LOW
Scope	CHANGED
User Interaction	REQUIRED
Vector String	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability Score	2.3
Impact Score	2.7
Source	[email protected]
Type	Primary

Links:

Exploit-db
Github