Critical
CVE-2022-1345
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking…
Tag: Stored XSS
All CVEs associated with "Stored XSS". Page 36/45 • 5376 CVEs.
Subscribe CVEs: RSS for “Stored XSS” · RSS (High+Critical only)
About “Stored XSS”
A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2022-04-13
Critical
CVE-2022-1346
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive d…
Critical
CVE-2022-1344
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to…
2022-04-12
Medium
CVE-2022-1330
stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss .
2022-04-11
Medium
CVE-2022-22571
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.
Medium
CVE-2022-1045
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.
2022-04-10
Medium
CVE-2022-1290
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session…
2022-04-06
Medium
CVE-2022-27107
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter
2022-04-05
Medium
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
2022-04-04
High
CVE-2022-1190
Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word mileston…
Medium
CVE-2021-33616
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.
2022-03-30
Medium
CVE-2021-44310
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creat…
Medium
CVE-2022-23136
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current to…
2022-03-29
Medium
CVE-2022-23903
A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent.
Medium
CVE-2022-24957
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object…
2022-03-24
Medium
CVE-2021-43659
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
2022-03-16
Medium
CVE-2021-45822
A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter.…
2022-03-15
Medium
CVE-2022-0967
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.
Medium
CVE-2022-0966
Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.
Medium
CVE-2022-0965
Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Medium
CVE-2022-0964
Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Medium
CVE-2022-0963
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Medium
CVE-2022-0942
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
Medium
CVE-2022-0957
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
Medium
CVE-2022-0956
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
Medium
CVE-2022-0951
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
Medium
CVE-2022-0945
Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.
2022-03-14
Medium
CVE-2022-0962
Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Medium
CVE-2022-0960
Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Medium
CVE-2022-0946
Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
High
CVE-2022-24386
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Medium
CVE-2022-0941
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
Medium
CVE-2022-0940
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
Medium
CVE-2022-0938
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.
Medium
CVE-2022-0937
Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
2022-03-12
Medium
CVE-2022-0930
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Medium
CVE-2022-0926
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
2022-03-11
Medium
CVE-2021-32475
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported v…
2022-03-10
Medium
CVE-2022-0906
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
2022-03-01
Medium
CVE-2022-26332
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field.
2022-02-28
Medium
CVE-2021-24977
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will the…
2022-02-26
Medium
CVE-2022-26146
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.
2022-02-25
Medium
CVE-2022-24347
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
Medium
CVE-2022-24344
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
Medium
CVE-2022-24339
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
Medium
CVE-2022-24612
An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS.
2022-02-24
Medium
CVE-2020-14502
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, c…
2022-02-20
Medium
CVE-2022-23054
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa op…
Medium
CVE-2022-23053
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa…
Medium
CVE-2022-22126
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct…
2022-02-18
Medium
CVE-2021-40840
A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2.
2022-02-14
Medium
CVE-2021-25018
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrar…
Medium
CVE-2021-24446
The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored X…
2022-02-11
Medium
CVE-2021-4046
The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks includin…
2022-02-09
Medium
CVE-2021-44912
In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploa…
Medium
CVE-2021-44911
XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the fi…
2022-01-28
Medium
CVE-2022-22791
SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code into the "comments" field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system.
2022-01-26
Medium
CVE-2021-44118
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker t…
2022-01-17
Medium
CVE-2021-25046
The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leadin…
2022-01-13
Medium
CVE-2021-23824
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code.…
2022-01-12
Medium
CVE-2021-43436
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will b…
2022-01-06
High
CVE-2022-21662
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute…
2022-01-04
High
CVE-2022-21650
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file wi…
High
CVE-2022-21649
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occ…
2021-12-29
Medium
CVE-2021-25993
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while u…
Medium
CVE-2021-25990
In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.
Medium
CVE-2021-25989
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for…
Medium
CVE-2021-25988
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.
2021-12-27
Medium
CVE-2021-24988
The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss…
2021-12-26
Medium
CVE-2021-45677
Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.
Medium
CVE-2021-45676
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.
Medium
CVE-2021-45675
Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.…
Low
CVE-2021-45674
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0…
Medium
CVE-2021-45673
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before…
Medium
CVE-2021-45672
Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0…
Medium
CVE-2021-45671
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.62, EX7500 before 1.0.0.72, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.…
Medium
CVE-2021-45670
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0…
Low
CVE-2021-45669
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.…
Medium
CVE-2021-45668
Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.…
Medium
CVE-2021-45667
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0…
Medium
CVE-2021-45666
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.…
Medium
CVE-2021-45665
Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.…
Medium
CVE-2021-45664
NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.
Medium
CVE-2021-45663
NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.
Medium
CVE-2021-45662
NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS.
2021-12-20
Medium
CVE-2021-43440
Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field.
Medium
CVE-2021-43438
Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field
2021-12-15
Medium
CVE-2021-41871
An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into the username field makes it possible to place a stored XSS payload. This is executed if an administrator…
2021-12-14
Medium
CVE-2021-44043
An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with…
2021-12-03
Medium
CVE-2021-43991
The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occu…
2021-12-01
Medium
CVE-2021-25967
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in t…
2021-11-30
Medium
CVE-2021-25987
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbit…
2021-11-19
Critical
CVE-2021-43409
The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS…
2021-11-10
Medium
CVE-2021-25975
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uplo…
Medium
CVE-2021-25974
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
2021-11-09
Medium
CVE-2021-43181
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
Medium
CVE-2021-43198
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
Medium
CVE-2021-43186
JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.
Medium
CVE-2021-43184
In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
2021-11-07
Medium
CVE-2021-25978
Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once vie…
2021-10-26
Medium
CVE-2021-41866
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.
2021-10-25
Medium
CVE-2021-25977
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigg…
2021-10-21
Medium
CVE-2021-41791
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User In…
2021-10-20
Medium
CVE-2021-25969
In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These script…
2021-10-19
Medium
CVE-2021-25968
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts…
2021-10-18
Medium
CVE-2021-24743
The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS.
2021-10-15
Medium
CVE-2021-42335
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stor…
Medium
CVE-2021-42329
The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject J…
2021-10-14
Medium
CVE-2021-38344
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying…
2021-10-13
Medium
CVE-2021-20128
The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.
2021-10-11
Medium
CVE-2021-24577
The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode…
2021-10-08
Medium
CVE-2021-41567
The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attack…
Medium
CVE-2021-41563
Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.
2021-10-07
Medium
CVE-2021-42085
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.
Medium
CVE-2021-42092
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
2021-10-05
Medium
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.
2021-10-04
High
CVE-2021-39885
A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14…
Medium
CVE-2021-25964
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the descrip…
Medium
CVE-2021-39486
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
2021-09-27
Medium
CVE-2021-40711
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achiev…