Expand my Community achievements bar.

SOLVED

Cross-site scripting

Avatar

Level 4
Level 4
5/10/21 2:20:19 AM

Hi all,

I am using AEM 6.2.0.SP1-CFP19 . There is two vulnerabilities 1) Stored cross-site scripting and 2)Cross-site scripting. Anyone can guide how to check whether these two vulnerabilities have in myAEM?

AEM_vulnerabilities.jpg

 

Thanks.

Views

577

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
5/10/21 2:54:57 AM

Hi @ariesyinn!

AFAIK details on the exact attack vector or how to reproduce/test for these vulnerabilities are not published. 

 

To verify if your AEM installation is vulnerable, please refer to the mentioned fix packs in the "Download Package" column of your screenshot (taken from this page). If your AEM instances have at least the mentioned version (SP, CFP) the fix for the vulnerability is included. Even if you have only a later CFP installed and skipped the "original" one (e. g. CFP19 instead of the mentioned CFP12), the fix for the vulnerability is included as per Adobes CFP definition:

 

"a CFP contains fixes delivered through previous CFPs"
(see the according Release Notes page; for more information see Adobes Update Release Vehicle Definitions.)

 

So please verify the version of all your AEM instances (different environments, different instances, author and publish) and make sure that you have at least the mentioned SP and CFP installed.

 

Hope that helps!

View solution in original post

Views

565

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Employee Advisor
Employee Advisor
5/10/21 2:54:57 AM

Hi @ariesyinn!

AFAIK details on the exact attack vector or how to reproduce/test for these vulnerabilities are not published. 

 

To verify if your AEM installation is vulnerable, please refer to the mentioned fix packs in the "Download Package" column of your screenshot (taken from this page). If your AEM instances have at least the mentioned version (SP, CFP) the fix for the vulnerability is included. Even if you have only a later CFP installed and skipped the "original" one (e. g. CFP19 instead of the mentioned CFP12), the fix for the vulnerability is included as per Adobes CFP definition:

 

"a CFP contains fixes delivered through previous CFPs"
(see the according Release Notes page; for more information see Adobes Update Release Vehicle Definitions.)

 

So please verify the version of all your AEM instances (different environments, different instances, author and publish) and make sure that you have at least the mentioned SP and CFP installed.

 

Hope that helps!

Views

566

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply