CVE-2024-43724

5.4 MEDIUM

📋 TL;DR

This DOM-based cross-site scripting (XSS) vulnerability in Adobe Experience Manager lets an attacker place script in a crafted URL or other input that the page's client-side JavaScript writes into the DOM; when a victim opens the crafted link, the attacker's JavaScript runs in the victim's browser session with that user's privileges on the AEM site. It affects Adobe Experience Manager 6.5.21 and earlier and requires the victim to interact with the crafted content.

💻 Affected Systems

Products:
  • Adobe Experience Manager
Versions: 6.5.21 and earlier
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction with crafted malicious content to trigger exploitation.

📦 What is this software?

Adobe Experience Manager (AEM) is Adobe's enterprise content-management and digital-asset-management platform, built on Apache Sling and an OSGi container. It is typically deployed as an author instance (the editorial UI, where privileged sessions live) behind one or more publish instances and the AEM Dispatcher caching and filtering layer.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete account takeover, data theft, or malware deployment through the victim's authenticated session.

🟠 Likely Case: Session hijacking, credential theft, or unauthorized actions performed within the victim's permissions.

🟢 If Mitigated: Limited impact where input validation, output encoding, and a Content Security Policy prevent the injected script from executing.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a victim with an AEM session to open an attacker-crafted link or content, and the attacker must know which client-side code path (the DOM source and sink) reflects the input; those details have not been published, and no public proof of concept is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.5.22 or later

Vendor Advisory: https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Restart Required: Yes

Instructions:

1. For AEM 6.5 (on-premise or Adobe Managed Services), obtain the 6.5.22 service pack or later from Adobe's official distribution channels.
2. Follow Adobe's service-pack upgrade documentation for your deployment type. AEM as a Cloud Service receives fixes through Adobe-managed releases rather than a downloadable package; confirm the release level in Cloud Manager.
3. Apply the update to every affected instance, author and publish alike.
4. Restart the AEM service and confirm the new version on each instance.

🔧 Temporary Workarounds

Implement Content Security Policy

Platforms: all

Serve a strict Content-Security-Policy header (for example: default-src 'self'; script-src 'self'; object-src 'none') from the web server or Dispatcher in front of AEM so that injected inline script and scripts from untrusted origins are refused. CSP only limits a DOM-based XSS if inline script is disallowed, so test the policy on a non-production instance first: pages or components that rely on inline scripts will break until they are moved to external files or given nonces.

Input Validation and Output Encoding

Platforms: all

DOM-based XSS is triggered by client-side JavaScript, so server-side validation alone does not close it. Review custom client libraries for code that reads attacker-controlled sources (location.search, location.hash, document.referrer, postMessage data) and writes them into dangerous sinks (innerHTML, document.write, eval, jQuery .html()); prefer textContent or context-appropriate encoding. On the server side, keep HTL's automatic context encoding in place and use the AEM XSSAPI for any output rendered into script or attribute contexts.

🧯 If You Can't Patch

  • Deploy WAF or Dispatcher filter rules that reject requests whose query strings carry script markers (script tags, javascript: URLs, event-handler attributes) in both raw and percent-encoded form; this cannot catch payloads in the URL fragment, which never reach the server
  • Limit exposure of the author instance to trusted networks (VPN or allow-listed addresses) and keep publish behind the Dispatcher, so a crafted link reaches as few privileged sessions as possible

🔍 How to Verify

Check if Vulnerable:

Read the running version from the Welcome screen (About dialog) or from the Felix web console product-info page at /system/console/status-productinfo. The web console needs an administrative account and is normally reachable only on the author instance, not through the Dispatcher.

Check Version:

curl -sk -u admin https://<aem-host>:<port>/system/console/status-productinfo | grep 'Adobe Experience Manager'

Verify Fix Applied:

Confirm the reported version is 6.5.22 or later on every author and publish instance. Because the vulnerable client-side code path has not been published, there is no public payload to replay; rely on the version check and on your own regression tests for any custom components that render URL parameters into the DOM.
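As an added, self-contained check (not Adobe's code and not from the original page), the following POSIX shell script extracts the version from product-info output and compares it component-wise against 6.5.22, which a plain string comparison would get wrong (6.5.9 sorts after 6.5.22). The product-info text is constructed, and the line format "Adobe Experience Manager (6.5.21.0)" is an assumption to verify against your own instance.

```shell
#!/bin/sh
# Added example (not from Adobe or the original page): parse the Felix web
# console product-info page and decide whether an AEM 6.5 instance is below
# the fixed service-pack level (6.5.22).
# Assumption: the page contains a line such as "Adobe Experience Manager (6.5.21.0)";
# if your build prints the version differently, adjust the sed pattern.

# Constructed sample, standing in for the output of:
#   curl -sk -u admin https://<aem-host>:<port>/system/console/status-productinfo
SAMPLE_PRODUCTINFO='Product Information
Adobe Experience Manager (6.5.21.0)
Installed Products
  Adobe Experience Manager (6.5.21.0)'

FIXED_VERSION=6.5.22

# Extract the first x.y.z(.w) version that follows "Adobe Experience Manager".
aem_version_from_productinfo() {
  printf '%s\n' "$1" \
    | sed -n 's/.*Adobe Experience Manager (\([0-9][0-9.]*\)).*/\1/p' \
    | head -n 1
}

# Numeric, component-wise comparison: returns 0 when $1 >= $2.
# Missing trailing components are treated as 0, so 6.5.22 equals 6.5.22.0.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    k = (n > m) ? n : m
    for (i = 1; i <= k; i++) {
      xi = (i <= n) ? x[i] + 0 : 0
      yi = (i <= m) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# Returns 0 (true) when the given version is 6.5.21 or earlier.
aem_is_vulnerable() {
  version_ge "$1" "$FIXED_VERSION" && return 1
  return 0
}

# Stand-alone run against the constructed sample.
ver=$(aem_version_from_productinfo "$SAMPLE_PRODUCTINFO")
if aem_is_vulnerable "$ver"; then
  echo "AEM $ver: affected by CVE-2024-43724, upgrade to $FIXED_VERSION or later"
else
  echo "AEM $ver: at or above $FIXED_VERSION"
fi
```

To run it against a live instance, replace SAMPLE_PRODUCTINFO with the output of the curl command shown in the comment; the web console requires an administrative account and is normally reachable only on author, so run it per instance rather than through the Dispatcher.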

📡 Detection & Monitoring

Log Indicators:

  • Requests whose query string contains script markers (script tags, javascript: URLs, event-handler attributes such as onerror=), in raw or percent-encoded form (for example %3Cscript)
  • A DOM-based payload carried in the URL fragment (after #) is never sent to the server, so it leaves no trace in AEM or Dispatcher access logs; CSP violation reports are the only server-visible signal for those

Network Indicators:

  • HTTP requests containing script injection patterns
  • Unusual redirects or outbound requests from users' browsers to external domains after visiting AEM pages

SIEM Query:

source="aem-access.log" AND ("<script" OR "%3Cscript" OR "javascript:" OR "javascript%3A" OR "onerror=" OR "onerror%3D" OR "onload=" OR "onload%3D")
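As an added example (not from the original page), the following POSIX shell script applies the same idea to raw access-log lines: it percent-decodes each request line before matching, so "%3Cscript" and "<script" are treated alike. The four log lines are constructed for illustration; because the real request shape of CVE-2024-43724 is not public, the markers are generic XSS indicators that will need tuning for your site, and fragment-carried payloads remain invisible to this check.

```shell
#!/bin/sh
# Added example (not from the original page): scan access-log lines for
# XSS-style payloads after percent-decoding the request line. Raw matches on
# "<script" miss the "%3Cscript" form a browser actually sends.
# The log lines below are constructed; the real request shape of
# CVE-2024-43724 is not public, so the patterns are generic XSS markers.
# Payloads carried in the URL fragment (#...) never reach the server and
# cannot be found this way.

SAMPLE_LOG='10.0.0.5 - - [12/Dec/2024:10:01:02 +0000] "GET /content/site/en.html?q=hello HTTP/1.1" 200 5123
10.0.0.6 - - [12/Dec/2024:10:01:05 +0000] "GET /content/site/en.html?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5123
10.0.0.7 - - [12/Dec/2024:10:01:09 +0000] "GET /content/site/en.html?next=javascript%3Aalert(document.cookie) HTTP/1.1" 200 5123
10.0.0.8 - - [12/Dec/2024:10:01:12 +0000] "GET /content/site/en.html?img=x%22%20onerror%3Dalert(1) HTTP/1.1" 200 5123'

# Generic markers; the caller matches them case-insensitively.
XSS_PATTERN='<script|javascript:|on(error|load|click|mouseover|focus) *=|<svg|<iframe|<img'

# Decode %XX sequences (pure awk, so it works with any POSIX awk).
url_decode() {
  printf '%s\n' "$1" | awk '
    function hex(h,  i, v) {
      v = 0
      for (i = 1; i <= length(h); i++)
        v = v * 16 + index("0123456789abcdef", tolower(substr(h, i, 1))) - 1
      return v
    }
    {
      s = $0; out = ""
      while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
        out = out substr(s, 1, RSTART - 1) sprintf("%c", hex(substr(s, RSTART + 1, 2)))
        s = substr(s, RSTART + RLENGTH)
      }
      print out s
    }'
}

# Print every decoded line that carries one of the markers.
scan_log() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    decoded=$(url_decode "$line")
    if printf '%s\n' "$decoded" | grep -Eiq "$XSS_PATTERN"; then
      printf '%s\n' "$decoded"
    fi
  done
}

# Number of suspicious lines in the given log text.
count_hits() {
  scan_log "$1" | grep -c .
}

# Stand-alone run: 3 of the 4 constructed lines are flagged.
scan_log "$SAMPLE_LOG"
```

Feed a real file with scan_log "$(cat dispatcher-access.log)" or adapt the loop to read from stdin; the marker list is deliberately narrow (named event handlers only) to keep false positives down on ordinary parameter names.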

🔗 References

  • Adobe Security Bulletin APSB24-69: https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html
  • NVD entry for CVE-2024-43724: https://nvd.nist.gov/vuln/detail/CVE-2024-43724