VYPR

Experience Manager

by Adobe Marketing Cloud

CVEs (6)

  • CVE-2018-12809HigJul 20, 2018
    risk 0.49cvss 7.5epss 0.05

    Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2024-26084Apr 10, 2024
    risk 0.00cvss epss 0.01

    Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when…

  • CVE-2023-51460Dec 20, 2023
    risk 0.00cvss epss 0.00

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s…

  • CVE-2020-14989Mar 11, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.

  • CVE-2020-14988Mar 11, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via…

  • CVE-2020-14987Mar 11, 2021
    risk 0.00cvss epss 0.04

    An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker…