Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability

Bugtraq ID:	105067
Class:	Input Validation Error
CVE:	CVE-2018-12806
Remote:	Yes
Local:	No
Published:	Aug 14 2018 12:00AM
Updated:	Aug 14 2018 12:00AM
Credit:	Nagamarimuthu
Vulnerable:	Adobe Experience Manager 6.2 Adobe Experience Manager 6.1
Not Vulnerable:

Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability

Adobe Experience Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Adobe Experience Manager 6.1, and 6.2 are vulnerable.

Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability

To exploit this issue, the attacker needs to entice a user into following a malicious URI.

Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability

References:

• Adobe Experience Manager Homepage (Adobe)
  
• APSB18-26: Security updates available for Adobe Experience Manager | APSB18-26 (Adobe)