CVE-2022-28820

Source
https://cve.org/CVERecord?id=CVE-2022-28820
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28820.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-28820
Aliases
Published
2022-04-21T18:08:00.480Z
Modified
2026-07-08T06:29:01.492713392Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Adobe Consulting Services Reflected Cross-Site Scripting Arbitrary Code Execution
Details

ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. The exploitation of this issue requires user interaction in order to be successful.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/28xxx/CVE-2022-28820.json",
    "cna_assigner": "adobe",
    "cwe_ids": [
        "CWE-79"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "None"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/adobe-consulting-services/acs-aem-commons

Affected ranges

Type
GIT
Repo
https://github.com/adobe-consulting-services/acs-aem-commons
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:adobe:acs_aem_commons:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.1.x"
        },
        {
            "fixed": "5.2.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

2.*
2.1.0
2.2.4
5.*
5.0.10
acs-aem-commons-1.*
acs-aem-commons-1.0.0
acs-aem-commons-1.1.0
acs-aem-commons-1.10.0
acs-aem-commons-1.2.0
acs-aem-commons-1.2.2
acs-aem-commons-1.3.0
acs-aem-commons-1.4.0
acs-aem-commons-1.6.0
acs-aem-commons-1.7.0
acs-aem-commons-1.8.0
acs-aem-commons-1.9.0
acs-aem-commons-1.9.2
acs-aem-commons-1.9.4
acs-aem-commons-1.9.6
acs-aem-commons-2.*
acs-aem-commons-2.0.0
acs-aem-commons-2.1.0
acs-aem-commons-2.1.2
acs-aem-commons-2.10.0
acs-aem-commons-2.11.0
acs-aem-commons-2.2.0
acs-aem-commons-2.2.2
acs-aem-commons-2.2.4
acs-aem-commons-2.3.0
acs-aem-commons-2.3.2
acs-aem-commons-2.4.2
acs-aem-commons-2.5.0
acs-aem-commons-2.5.2
acs-aem-commons-2.6.0
acs-aem-commons-2.6.10
acs-aem-commons-2.6.2
acs-aem-commons-2.6.4
acs-aem-commons-2.6.6
acs-aem-commons-2.6.8
acs-aem-commons-2.7.0
acs-aem-commons-2.7.2
acs-aem-commons-2.8.0
acs-aem-commons-2.8.2
acs-aem-commons-2.9.0
acs-aem-commons-3.*
acs-aem-commons-3.10.0
acs-aem-commons-3.13.0
acs-aem-commons-3.14.0
acs-aem-commons-3.14.10
acs-aem-commons-3.14.2
acs-aem-commons-3.14.4
acs-aem-commons-3.14.6
acs-aem-commons-3.15.0
acs-aem-commons-3.15.2
acs-aem-commons-3.16.0
acs-aem-commons-3.17.0
acs-aem-commons-3.17.2
acs-aem-commons-3.17.4
acs-aem-commons-3.18.0
acs-aem-commons-3.18.2
acs-aem-commons-3.19.0
acs-aem-commons-3.8.2
acs-aem-commons-3.8.4
acs-aem-commons-3.9.0
acs-aem-commons-4.*
acs-aem-commons-4.0.0
acs-aem-commons-4.1.0
acs-aem-commons-4.10.0
acs-aem-commons-4.11.0
acs-aem-commons-4.11.2
acs-aem-commons-4.12.0
acs-aem-commons-4.2.0
acs-aem-commons-4.2.2
acs-aem-commons-4.3.0
acs-aem-commons-4.3.2
acs-aem-commons-4.3.4
acs-aem-commons-4.4.0
acs-aem-commons-4.4.2
acs-aem-commons-4.5.0
acs-aem-commons-4.5.2
acs-aem-commons-4.6.0
acs-aem-commons-4.7.0
acs-aem-commons-4.7.2
acs-aem-commons-4.8.0
acs-aem-commons-4.8.2
acs-aem-commons-4.8.4
acs-aem-commons-4.8.6
acs-aem-commons-4.9.0
acs-aem-commons-4.9.2
acs-aem-commons-5.*
acs-aem-commons-5.0.0
acs-aem-commons-5.0.10
acs-aem-commons-5.0.12
acs-aem-commons-5.0.14
acs-aem-commons-5.0.2
acs-aem-commons-5.0.4
acs-aem-commons-5.0.6
acs-aem-commons-5.0.8
acs-aem-commons-5.1.0
acs-aem-commons-5.1.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28820.json"