com.adobe.acs:acs-aem-commons@4.8.4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.adobe.acs:acs-aem-commons package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.

How to fix Cross-site Scripting (XSS)?

Upgrade com.adobe.acs:acs-aem-commons to version 4.10.0 or higher.

[,4.10.0)
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Vulnerable versions of ACS Commons suffer from a reflected XSS vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.

How to fix Cross-site Scripting (XSS)?

Upgrade com.adobe.acs:acs-aem-commons to version 4.10.0 or higher.

[,4.10.0)