acs-aem-commons is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser due to insecure handling of invalid JCR characters.
CPE | Name | Operator | Version |
---|---|---|---|
acs aem commons ui.apps package | le | 4.9.2 |