Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyODMtdzZyOC1maDZ3

Reflected Cross-site Scripting (XSS) in ACS Commons

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.

Permalink: https://github.com/advisories/GHSA-7r83-w6r8-fh6w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyODMtdzZyOC1maDZ3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago

CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-7r83-w6r8-fh6w, CVE-2021-21043
References:

Repository: https://github.com/Adobe-Consulting-Services/acs-aem-commons
Blast Radius: 0.0

Affected Packages

maven:com.adobe.acs:acs-aem-commons

Dependent packages: 0
Dependent repositories: 1
Downloads:
Affected Version Ranges: < 4.10.0
Fixed in: 4.10.0
All affected versions: 4.6.0, 4.7.0, 4.7.2, 4.8.0, 4.8.4, 4.8.6, 4.9.0, 4.9.2
All unaffected versions: 4.10.0, 4.11.0, 4.11.2, 4.12.0, 5.0.0, 5.0.2, 5.0.4, 5.0.6, 5.0.8, 5.0.10, 5.0.12, 5.0.14, 5.1.0, 5.1.2, 5.2.0, 5.3.0, 5.3.2, 5.3.4, 5.4.0, 5.5.0, 5.5.2, 5.6.0, 5.7.0, 6.0.0, 6.0.2, 6.0.4, 6.0.6, 6.0.8, 6.0.10, 6.0.12, 6.0.14, 6.1.0, 6.2.0, 6.3.0, 6.3.2, 6.3.4, 6.3.6, 6.3.8, 6.4.0, 6.5.0, 6.6.0