Moderate severityNVD Advisory· Published Aug 9, 2022· Updated Apr 23, 2025

AEM File Upload Security Issue leading to RXSS

CVE-2022-35697

Description

Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.adobe.cq:core.wcm.components.coreMaven	< 2.20.8	2.20.8

Affected products

ghsa-coords
pkg:maven/com.adobe.cq/core.wcm.components.core
Range: < 2.20.8
Adobe Inc./Experience Managercpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-qcgc-6q86-7x2pghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-35697ghsaADVISORY
github.com/adobe/aem-core-wcm-components/security/advisories/GHSA-qcgc-6q86-7x2pghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000