CVE-2021-28625: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager Cloud Service offering and versions 6.5.8.0 (and below) were affected by a Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-28625. The vulnerability was disclosed on August 24, 2021, and could allow attackers to inject malicious scripts into vulnerable form fields (NVD).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability received a CVSS v3.1 base score of 6.1 (Medium) from NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Adobe Systems assigned it a slightly higher score of 6.3 (Medium) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (NVD).

When exploited, this vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the vulnerable form field. The impact includes potential information disclosure and integrity compromises, as indicated by the CVSS metrics showing Low confidentiality and integrity impacts (NVD).

Adobe has addressed this vulnerability through security updates detailed in their security bulletin (Adobe Advisory).