Vulnerability Description
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Experience Manager | 6.1.0 |
| Apple | Mac Os X | All versions |
| Linux | Linux Kernel | All versions |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://www.csnc.ch/misc/files/advisories/CVE-2016-0955_AEM-XSS.txt
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.htmlPatchVendor Advisory
- http://www.csnc.ch/misc/files/advisories/CVE-2016-0955_AEM-XSS.txt
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.htmlPatchVendor Advisory
FAQ
What is CVE-2016-0955?
CVE-2016-0955 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in...
How severe is CVE-2016-0955?
CVE-2016-0955 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0955?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Experience Manager, Apple Mac Os X, Linux Linux Kernel, Microsoft Windows.