Adobe fixed XSS flaws in Experience Manager that can result in information Disclosure

Pierluigi Paganini January 22, 2019

Adobe released security updates to address multiple XSS vulnerabilities in the Experience Manager and Experience Manager Forms that can lead to information disclosure.

Adobe released security updates for the Experience Manager and Experience Manager Forms to address flaws that can lead to information disclosure.

The Experience Manager is affected by a stored cross-site scripting (XSS) issue and a reflected XSS issue.

The former is rated as ‘important’ severity, the latter as ‘moderate’ severity, both can result in the exposure of sensitive data. .

“Adobe has released security updates for Adobe Experience Manager. These updates resolve one reflected cross-site scripting vulnerability rated Moderate, and one stored cross-site scripting vulnerability rated Important that could result in sensitive information disclosure. ” reads the security advisory published by Adobe.

The good news is that Adobe is not aware of threat actors attempting to exploit these vulnerabilities in the wild. Anyway, the tech giant is urging administrator to install the updates within 30 days.

Adobe also addressed a stored XSS vulnerability in the Experience Manager Forms, the bug was discovered by the security researchers Adam Willard.

“Adobe has released security updates for Adobe Experience Manager Forms. These updates resolve a stored cross-site scripting vulnerability rated Important that could result in sensitive information disclosure.” reads the security advisory.

The company addressed other issues in its products in January; the company Patch Tuesday security updates for January 2019 fixed two flaws rated as “important” in the Connect and Digital Editions products.

The first Adobe security updates for 2019 addressed two critical vulnerabilities in the Acrobat and Reader products.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Adobe, XSS)

[adrotate banner=”5″] [adrotate banner=”13″]



you might also like

leave a comment