Login Sign Up

CVE-2024-43747

5.4 MEDIUM
Cross-Site Scripting

📋 TL;DR

Adobe Experience Manager versions 6.5.21 and earlier contain a stored cross-site scripting vulnerability where attackers can inject malicious JavaScript into form fields. When users visit pages containing the compromised fields, their browsers execute the attacker's code. This affects all organizations running vulnerable AEM instances.

💻 Affected Systems

Products:
  • Adobe Experience Manager
Versions: 6.5.21 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both author and publish instances. Requires attacker to have access to vulnerable form fields.

📦 What is this software?

Experience Manager by Adobe

View all CVEs affecting Experience Manager →

Experience Manager by Adobe

View all CVEs affecting Experience Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, deface websites, or redirect users to malicious sites.

🟠

Likely Case

Attackers inject malicious scripts to steal user session data or credentials from users who visit compromised pages.

🟢

If Mitigated

With proper input validation and output encoding, malicious scripts would be neutralized before reaching user browsers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to vulnerable form fields, which typically requires some level of access to the AEM interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.5.22 or later

Vendor Advisory: https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Restart Required: Yes

Instructions:

1. Download AEM 6.5.22 or later from Adobe's distribution portal. 2. Apply the service pack following Adobe's installation guide. 3. Restart all AEM instances. 4. Verify the update was successful.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement custom servlet filters to sanitize user input in form fields

Implement Java servlet filter with OWASP Java Encoder library

Content Security Policy

all

Implement CSP headers to restrict script execution

Add 'Content-Security-Policy' header to dispatcher configuration

🧯 If You Can't Patch

  • Restrict access to vulnerable form fields using AEM permissions
  • Implement web application firewall rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check AEM version via CRXDE Lite or system console. If version is 6.5.21 or earlier, system is vulnerable.

Check Version:

curl -u admin:password http://localhost:4502/system/console/status-productinfo

Verify Fix Applied:

After patching, verify version is 6.5.22 or later. Test form fields with basic XSS payloads to ensure they're properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual content modifications in form fields
  • JavaScript payloads in request logs
  • Multiple failed XSS attempts

Network Indicators:

  • Suspicious script tags in HTTP POST requests to form endpoints

SIEM Query:

source="aem_access.log" AND ("<script>" OR "javascript:" OR "onload=" OR "onerror=")

📊 Metadata

CVE ID: CVE-2024-43747
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79
Published: December 10, 2024
Last Updated: December 17, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43747, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)