Cross-site scripting

ariesyinn
Level 1

10-05-2021

Hi all,

I am using AEM 6.2.0.SP1-CFP19. There are two vulnerabilities: 1) Stored cross-site scripting and 2) Cross-site scripting. Can anyone guide me on how to check whether my AEM has these two vulnerabilities?

AEM_vulnerabilities.jpg

 

Thanks.

Accepted Solutions (1)

markus_bulla_adobe
Employee

10-05-2021

Hi @ariesyinn!

AFAIK details on the exact attack vector or how to reproduce/test for these vulnerabilities are not published. 

 

To verify if your AEM installation is vulnerable, please refer to the mentioned fix packs in the "Download Package" column of your screenshot (taken from this page). If your AEM instances have at least the mentioned version (SP, CFP), the fix for the vulnerability is included. Even if you have only a later CFP installed and skipped the "original" one (e.g. CFP19 instead of the mentioned CFP12), the fix for the vulnerability is included as per Adobe's CFP definition:

 

"a CFP contains fixes delivered through previous CFPs"
(see the corresponding Release Notes page; for more information see Adobe's Update Release Vehicle Definitions.)

 

So please verify the version of all your AEM instances (different environments, different instances, author and publish) and make sure that you have at least the mentioned SP and CFP installed.

 

Hope that helps!
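
The version check described in the reply above can be scripted across an inventory of instances. This is an added example, not part of the original thread and not Adobe tooling. It assumes version strings in the form used in the question (`6.2.0.SP1-CFP19`); the instance names and the `REQUIRED` value are constructed placeholders (CFP12 is the number mentioned in the reply, the service pack is assumed), so take the real minimum from the bulletin's "Download Package" column. It also assumes CFP numbers are only comparable within the same release and service pack, and reports anything else for manual review.

```python
import re

# Matches strings such as "6.2.0.SP1-CFP19"; the SP and CFP parts are optional here (assumption).
VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)(?:\.SP(\d+))?(?:-CFP(\d+))?$")


def parse_version(text):
    """Return (release, service_pack, cfp); a missing SP or CFP is treated as 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised AEM version string: {text!r}")
    return m.group(1), int(m.group(2) or 0), int(m.group(3) or 0)


def check_instance(installed, required):
    """Classify one instance as 'ok', 'missing-fix' or 'review'."""
    req_release, req_sp, req_cfp = parse_version(required)
    try:
        release, sp, cfp = parse_version(installed)
    except ValueError:
        return "review"        # unknown format: check by hand
    if release != req_release or sp > req_sp:
        return "review"        # different line: use that line's own bulletin entry
    if sp < req_sp:
        return "missing-fix"   # required service pack not installed
    # Same release and SP: CFPs are cumulative, so any CFP >= required has the fix.
    return "ok" if cfp >= req_cfp else "missing-fix"


def audit(inventory, required):
    """Check every instance (all environments, author and publish)."""
    return {name: check_instance(ver, required) for name, ver in inventory.items()}


REQUIRED = "6.2.0.SP1-CFP12"   # placeholder minimum, see lead-in

INVENTORY = {                   # constructed sample inventory
    "prod-author": "6.2.0.SP1-CFP19",
    "prod-publish-1": "6.2.0.SP1-CFP12",
    "prod-publish-2": "6.2.0.SP1-CFP9",
    "stage-author": "6.2.0",
    "dev-author": "6.3.0.SP1-CFP2",
}

if __name__ == "__main__":
    for name, status in audit(INVENTORY, REQUIRED).items():
        print(f"{name:16} {INVENTORY[name]:18} {status}")
```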

Answers (0)