CVE-2022-24874

 

Published at: - 20-04-2022 11:15

Last modified: - 21-04-2022 11:06

Total changes: - 2

Description

acs commons is an open source framework for AEM projects. ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html` endpoint via the `a` and `b` GET parameters. User input submitted via these parameters is not validated or sanitized. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. The exploitation of this issue requires user interaction in order to be successful. This issue has been resolved in 5.2.0. There are no known workarounds for this issue.

Common Vulnerability Scoring System (CVSS)

-

 

 

Reference

• https://github.com/Adobe-Consulting-Services/acs-aem-commons/security/advisories/GHSA-w5m2-299g-rff5
• https://mvnrepository.com/artifact/com.adobe.acs/acs-aem-commons
• https://github.com/Adobe-Consulting-Services/acs-aem-commons/commit/ff15e21e422f9de40164639e2d636c3c0d340080

 

Keywords

NVD

 

CVE-2022-24874

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures