Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-F92J-QF46-P6VM
HistoryFeb 02, 2021 - 3:46 p.m.

Reflected Cross-site Scripting in ACS Commons

2021-02-0215:46:52
Google
osv.dev
12

0.01 Low

EPSS

Percentile

83.4%

JSON

Impact

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly.

An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim’s browser. Exploitation of this issue requires user interaction in order to be successful.

Patches

This issue has been resolved in v4.10.0

Workarounds

No workaround exist.

References

N/A

For more information

If you have any questions or comments about this advisory open an issue in acs-aem-commons.

Credit

This issue was discovered and reported by Christopher Whipp ([email protected]).

Related

osv 2
veracode 2
cve 2
gitlab 2
cvelist 2
nvd 2
zdi 1
github 2
prion 2
checkpoint_advisories 1
nessus 5
adobe 3
openvas 12
kaspersky 1
threatpost 1
qualysblog 1
osv
osv
CVE-2021-21043
2021-02-02 23:15:12
Reflected Cross-site Scripting (XSS) in ACS Commons
2021-05-13 22:31:14
veracode
veracode
Cross-Site Scripting (XSS)
2021-02-03 06:55:49
Cross-Site Scripting (XSS)
2021-02-03 05:21:08
cve
cve
CVE-2021-21043
2021-02-02 23:15:12
CVE-2021-21028
2021-02-11 20:15:14
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2021-05-13 00:00:00
Use After Free
2021-02-02 00:00:00
cvelist
cvelist
CVE-2021-21043 Reflected Cross-site Scripting (XSS) on version-compare and page-compare tools
2021-02-01 00:00:00
CVE-2021-21028 Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution
2021-02-09 00:00:00
nvd
nvd
CVE-2021-21043
2021-02-02 23:15:12
CVE-2021-21028
2021-02-11 20:15:14
zdi
zdi
Adobe Acrobat Reader DC Annotation page Property Use-After-Free Remote Code Execution Vulnerability
2021-03-08 00:00:00
github
github
Reflected Cross-site Scripting (XSS) in ACS Commons
2021-05-13 22:31:14
Reflected Cross-site Scripting in ACS Commons
2021-02-02 15:46:52
prion
prion
Cross site scripting
2021-02-02 23:15:00
Design/Logic Flaw
2021-02-11 20:15:00
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat and Reader Use After Free (APSB21-09: CVE-2021-21028)
2021-02-09 00:00:00
nessus
nessus
Adobe InDesign < 16.2.1 Multiple Vulnerabilities (APSB21-22)
2021-05-14 00:00:00
Adobe Acrobat <= 2017.011.30188 / 2020.001.30018 / 2020.013.20074 Multiple Vulnerabilities (APSB21-09)
2021-02-11 00:00:00
Adobe Reader <= 2017.011.30188 / 2020.001.30018 / 2020.013.20074 Multiple Vulnerabilities (APSB21-09) (macOS)
2021-02-11 00:00:00
adobe
adobe
APSB21-22 Security updates available for Adobe InDesign
2021-05-11 00:00:00
APSB21-73 Security update available for Adobe InDesign
2021-09-14 00:00:00
APSB21-09 Security update available for Adobe Acrobat and Reader
2021-02-09 00:00:00
openvas
openvas
Adobe Reader 2017 Security Update (APSB21-09) - Windows
2021-02-11 00:00:00
Adobe Acrobat 2017 Security Update (APSB21-09) - Windows
2021-02-11 00:00:00
Adobe Acrobat DC (Continuous) Security Update (APSB21-09) - Windows
2021-02-11 00:00:00
kaspersky
kaspersky
KLA12066 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
2021-02-09 00:00:00
threatpost
threatpost
Attackers Exploit Critical Adobe Bug, Target Windows
2021-02-09 19:40:47
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (May 2021) – Qualys covers 85 Vulnerabilities, 26 Critical
2021-05-11 21:53:37

0.01 Low

EPSS

Percentile

83.4%

JSON
Related for OSV:GHSA-F92J-QF46-P6VM
osv2veracode2cve2gitlab2cvelist2nvd2zdi1github2prion2checkpoint_advisories1nessus5adobe3openvas12kaspersky1threatpost1qualysblog1