
Adobe Experience Manager (AEM) Multiple Vulnerabilities (APSB16-05) - Active Check

CVE-2016-0955, CVE-2016-0956, CVE-2016-0957, CVE-2016-0958

CVSSv3 Score
Vulnerability description

Adobe Experience Manager (AEM) is prone to multiple vulnerabilities.

Risk description

The following flaws exist:

- CVE-2016-0955: Cross-site scripting (XSS) vulnerability
- CVE-2016-0956: Information disclosure in the Servlets Post component of Apache Sling as used in AEM
- CVE-2016-0957: Dispatcher as used in AEM does not properly implement a URL filter
- CVE-2016-0958: Unspecified vulnerability related to a crafted serialized Java object
- CVE-2016-0955: The flaw allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog
- CVE-2016-0956: Successful exploitation will allow remote unauthenticated users to enumerate local system files/folders that are not accessible publicly to unauthenticated users
- CVE-2016-0957: The flaw allows remote attackers to bypass dispatcher rules via unspecified vectors
- CVE-2016-0958: Unspecified impact


Apply the hotfixes and updates described in the referenced vendor advisory.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Feb 10, 2016
Detection added at
Software Type
Not available
Not available
Not available