Adobe released security updates to address vulnerabilities in Adobe Experience Manager and Experience Manager Forms, according to a report from NCCIC.
An attacker could exploit these vulnerabilities to obtain sensitive information.
In the bulletin labeled APSB19-03, the updates resolve a stored cross-site scripting vulnerability rated important that could result in sensitive information disclosure.
Adobe’s Experience Manager Forms versions 6.4, 6.3, and 6.2 suffer from the issue.
Researcher, Adam Willard, reported the vulnerability,
In the other vulnerability labeled APSB19-09, Adobe fixed one reflected cross-site scripting vulnerability rated moderate, and one stored cross-site scripting vulnerability rated important that could result in sensitive information disclosure.
Adobe Experience Manager versions 6.0-6.4 suffered from the issues. Adobe has fixes for versions 6.2-6.4.