CVE-2024-49524

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 7, 2024

Updated: Nov 8, 2024

CWE ID 79

Summary

CVE-2024-49524 is a DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.20 and older. This issue allows an attacker to inject malicious scripts into a victim's browser session by manipulating a DOM element via a crafted URL or user input. The exploitation requires user interaction, meaning the victim must access a malicious URL or provide specific input to trigger the vulnerability. Successful attacks could result in the execution of arbitrary code in the context of the victim's browser session.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe Experience Manager

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zhTSTb
https://www.cve.org/CVERecord?id=CVE-2024-49524
https://nvd.nist.gov/vuln/detail/CVE-2024-49524

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners