Description
Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access.
Remediation
References
https://github.com/adobe/aem-core-wcm-components/security/advisories/GHSA-qcgc-6q86-7x2p
Related Vulnerabilities
CVE-2016-4433 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2022-45400 Vulnerability in maven package org.jvnet.hudson.plugins:japex
CVE-2018-1335 Vulnerability in maven package org.apache.tika:tika-core
CVE-2007-5333 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2019-1003067 Vulnerability in maven package org.jenkins-ci.plugins:trac-publisher-plugin