Adobe Experience Manager CVE-2018-19726 HTML Injection Vulnerability

Bugtraq ID:	106679
Class:	Input Validation Error
CVE:	CVE-2018-19726
Remote:	Yes
Local:	No
Published:	Jan 22 2019 12:00AM
Updated:	Jan 22 2019 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Adobe Experience Manager 6.4 Adobe Experience Manager 6.3 Adobe Experience Manager 6.2 Adobe Experience Manager 6.1 Adobe Experience Manager 6.0
Not Vulnerable:

Adobe Experience Manager CVE-2018-19726 HTML Injection Vulnerability

Adobe Experience Manager is prone to a HTML-injection vulnerability because it fails to sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Adobe Experience Manager 6.0 through 6.4 are vulnerable.

Adobe Experience Manager CVE-2018-19726 HTML Injection Vulnerability

An attacker can exploit this issue using a web browser.

Adobe Experience Manager CVE-2018-19726 HTML Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Adobe Experience Manager CVE-2018-19726 HTML Injection Vulnerability

References:

• Adobe Experience Manager AEM releases and updates (Adobe)
  
• Adobe Homepage (Adobe)
  
• APSB19-09: Security updates available for Adobe Experience Manager (Adobe)