Vulnerability Description
ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Adobe Consulting Services Commons | <= 4.9.2 |
Related Weaknesses (CWE)
References
- https://github.com/Adobe-Consulting-Services/acs-aem-commons/security/advisoriesThird Party Advisory
- https://github.com/Adobe-Consulting-Services/acs-aem-commons/security/advisoriesThird Party Advisory
FAQ
What is CVE-2021-21043?
CVE-2021-21043 is a vulnerability with a CVSS score of 6.1 (MEDIUM). ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correct...
How severe is CVE-2021-21043?
CVE-2021-21043 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21043?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Adobe Consulting Services Commons.