Cross-site scripting | Community
May 10, 2021
Solved

Cross-site scripting


Hi all,

I am using AEM 6.2.0.SP1-CFP19. There are two vulnerabilities: 1) stored cross-site scripting and 2) cross-site scripting. Can anyone guide me on how to check whether these two vulnerabilities exist in my AEM?


Thanks.

Best answer by MarkusBullaAdobe

Hi @ariesyinn!

AFAIK details on the exact attack vector or how to reproduce/test for these vulnerabilities are not published. 


To verify if your AEM installation is vulnerable, please refer to the mentioned fix packs in the "Download Package" column of your screenshot (taken from this page). If your AEM instances have at least the mentioned version (SP, CFP), the fix for the vulnerability is included. Even if you have only a later CFP installed and skipped the "original" one (e.g. CFP19 instead of the mentioned CFP12), the fix for the vulnerability is included as per Adobe's CFP definition:


"a CFP contains fixes delivered through previous CFPs"
(see the corresponding Release Notes page; for more information see Adobe's Update Release Vehicle Definitions.)


So please verify the version of all your AEM instances (different environments, different instances, author and publish) and make sure that you have at least the mentioned SP and CFP installed.


Hope that helps!
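The version check the answer describes, as an added example (not code from the post or from Adobe): it parses AEM version strings in the `6.2.0.SP1-CFP19` format quoted in the question, applies the rule that a later CFP of the same release line contains the fixes of earlier ones, and flags instances on a newer release line as needing their own bulletin row rather than guessing. The sample inventory and the CFP12 fix level are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Version format assumed from the string quoted in the question ("6.2.0.SP1-CFP19");
# the service pack (SP) and cumulative fix pack (CFP) suffixes are optional.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.SP(\d+))?(?:-CFP(\d+))?$")

class AemVersion(NamedTuple):
    base: tuple  # (major, minor, patch, SP): the release line the CFP belongs to
    cfp: int     # cumulative fix pack level within that line, 0 if none

def parse_version(text: str) -> AemVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised AEM version string: {text!r}")
    major, minor, patch, sp, cfp = (int(x or 0) for x in m.groups())
    return AemVersion((major, minor, patch, sp), cfp)

def includes_fix(installed: str, fixed_in: str) -> Optional[bool]:
    """Does `installed` carry the fix first shipped in `fixed_in`?
    A CFP contains all earlier CFPs of its release line, so within one line a
    CFP level >= the listed one suffices (CFP19 vs CFP12 in the answer). An older
    line lacks the fix; a newer line has its own bulletin row, hence None.
    """
    have, need = parse_version(installed), parse_version(fixed_in)
    if have.base < need.base:
        return False
    if have.base > need.base:
        return None
    return have.cfp >= need.cfp

def audit_instances(instances: dict, fixed_in: str) -> dict:
    """Map each instance name to its status against the bulletin's fix level."""
    labels = {True: "fix included", False: "missing fix",
              None: "newer release line: check that line's row in the bulletin"}
    return {name: labels[includes_fix(ver, fixed_in)] for name, ver in instances.items()}

# Constructed sample inventory (not from the post); CFP12 is the level the
# answer uses as its example of the originally listed fix pack.
SAMPLE_INSTANCES = {
    "dev-author": "6.2.0.SP1-CFP19",
    "prod-author": "6.2.0.SP1-CFP11",
    "prod-publish": "6.2.0",
    "uat-author": "6.3.0.SP2",
}

if __name__ == "__main__":
    for name, status in audit_instances(SAMPLE_INSTANCES, "6.2.0.SP1-CFP12").items():
        print(f"{name:13s} {SAMPLE_INSTANCES[name]:16s} {status}")
```

Run it against the versions reported by every author and publish instance in each environment; any "missing fix" row is an instance still below the SP/CFP level the bulletin lists.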
