Adobe Experience Manager Forms CVE-2018-19724 HTML Injection Vulnerability

Bugtraq ID:	106677
Class:	Input Validation Error
CVE:	CVE-2018-19724
Remote:	Yes
Local:	No
Published:	Jan 22 2019 12:00AM
Updated:	Jan 22 2019 12:00AM
Credit:	Adam Willard
Vulnerable:	Adobe Experience Manager Forms 6.4 Adobe Experience Manager Forms 6.3 Adobe Experience Manager Forms 6.2
Not Vulnerable:

Adobe Experience Manager Forms CVE-2018-19724 HTML Injection Vulnerability

Adobe Experience Manager Forms is prone to a HTML-injection vulnerability because it fails to sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Adobe Experience Manager Forms versions 6.4, 6.3, and 6.2 are vulnerable.

Adobe Experience Manager Forms CVE-2018-19724 HTML Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Adobe Experience Manager Forms CVE-2018-19724 HTML Injection Vulnerability

References:

• Adobe Homepage (Adobe)
  
• AEM Forms releases (Adobe)
  
• APSB19-03: Security updates available for Adobe Experience Manager Forms (Adobe)