
SOLVED

Cross-site scripting


Level 4

Hi all,

I am using AEM 6.2.0.SP1-CFP19. There are two vulnerabilities: 1) Stored cross-site scripting and 2) Cross-site scripting. Can anyone guide me on how to check whether these two vulnerabilities exist in my AEM?

AEM_vulnerabilities.jpg


Thanks.

1 Accepted Solution


Correct answer by
Employee Advisor

Hi @ariesyinn!

AFAIK, details on the exact attack vector or how to reproduce/test for these vulnerabilities are not published.


To verify if your AEM installation is vulnerable, please refer to the fix packs mentioned in the "Download Package" column of your screenshot (taken from this page). If your AEM instances have at least the mentioned version (SP, CFP), the fix for the vulnerability is included. Even if you have only a later CFP installed and skipped the "original" one (e.g. CFP19 instead of the mentioned CFP12), the fix for the vulnerability is included as per Adobe's CFP definition:


"a CFP contains fixes delivered through previous CFPs"
(see the corresponding Release Notes page; for more information see Adobe's Update Release Vehicle Definitions.)


So please verify the version of all your AEM instances (different environments, different instances, author and publish) and make sure that you have at least the mentioned SP and CFP installed.


Hope that helps!
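One way to carry out the version check the answer above recommends across all author and publish instances, as an added example that is not part of the original thread or Adobe's own tooling. It assumes that each instance's Felix console status page `/system/console/status-productinfo.txt` (admin credentials required) contains a line such as `Adobe Experience Manager (6.2.0.SP1-CFP19)`, and it applies Adobe's CFP definition quoted above: within one major.minor line a later SP/CFP includes the fixes of all earlier ones, so a numeric comparison is enough. The minimum version `REQUIRED` and the sample responses are constructed for illustration; on a different release line (e.g. 6.3 vs. 6.2) the script reports `unknown` rather than guessing, because that line has its own fix table.

```python
"""Audit AEM instances for a minimum SP/CFP level (added example, not Adobe code)."""
import base64
import re
import urllib.request
from typing import Dict, NamedTuple, Optional


class AemVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    sp: int   # service pack number, 0 if none
    cfp: int  # cumulative fix pack number, 0 if none


# Matches version strings such as "6.2.0.SP1-CFP19", "6.2.0.SP1", "6.2.0" or "6.2".
VERSION_RE = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.SP(\d+))?(?:-CFP(\d+))?", re.IGNORECASE)
# Assumed format of the product line on the Felix status page.
PRODUCT_RE = re.compile(r"Adobe Experience Manager\s*\(([^)]+)\)")


def parse_version(text: str) -> Optional[AemVersion]:
    """Parse an AEM version string; missing SP/CFP parts count as 0."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return AemVersion(int(m.group(1)), int(m.group(2)), int(m.group(3) or 0),
                      int(m.group(4) or 0), int(m.group(5) or 0))


def version_from_productinfo(productinfo_text: str) -> Optional[AemVersion]:
    """Pull the installed version out of the status-productinfo.txt body."""
    m = PRODUCT_RE.search(productinfo_text)
    return parse_version(m.group(1)) if m else None


def status(installed: Optional[AemVersion], required: AemVersion) -> str:
    """Return 'ok', 'outdated' or 'unknown' for one instance."""
    if installed is None:
        return "unknown"
    if installed[:2] != required[:2]:
        # Different release line (e.g. 6.3 vs 6.2): consult that line's own fix table.
        return "unknown"
    # Same line: SP and CFP are cumulative, so tuple order is the fix order.
    return "ok" if installed >= required else "outdated"


def fetch_productinfo(base_url: str, user: str, password: str, timeout: int = 10) -> str:
    """Fetch the Felix product-info status page with HTTP Basic auth (assumed path)."""
    req = urllib.request.Request(base_url.rstrip("/") + "/system/console/status-productinfo.txt")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def audit(productinfo_by_instance: Dict[str, str], required: AemVersion) -> Dict[str, str]:
    """Map each instance name to its patch status against the required version."""
    return {name: status(version_from_productinfo(text), required)
            for name, text in productinfo_by_instance.items()}


# Constructed sample responses standing in for live instances (not real output).
# In practice build this dict with fetch_productinfo() per author/publish instance.
SAMPLE_RESPONSES = {
    "dev-author":  "Adobe Experience Manager (6.2.0.SP1-CFP19)",
    "dev-publish": "Adobe Experience Manager (6.2.0.SP1-CFP12)",
    "qa-publish":  "Adobe Experience Manager (6.2.0.SP1)",
    "prod-author": "Adobe Experience Manager (6.3.0)",
}
# Hypothetical minimum taken from a fix table; substitute the value for your advisory.
REQUIRED = parse_version("6.2.0.SP1-CFP12")

if __name__ == "__main__":
    for name, result in audit(SAMPLE_RESPONSES, REQUIRED).items():
        print(f"{name:12s} {result}")
```

Run it against every environment's author and publish instances, not just one, since a single outdated publish instance is enough to leave the vulnerability exposed; treat `unknown` as a prompt for a manual check rather than as a pass.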
