CVE-2021-43761: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2021-43761 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM). The vulnerability impacts AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below), and 6.3.3.8 (and below). This vulnerability was disclosed on January 13, 2022 (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has received varying CVSS severity scores, with Adobe Systems assigning it a CVSS v3.1 Base Score of 8.0 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, while NIST assigned a Base Score of 5.4 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD, Adobe Security Bulletin).

When exploited, this vulnerability allows attackers to inject malicious scripts into vulnerable form fields. When victims browse to pages containing these compromised fields, malicious JavaScript may be executed within their browsers (NVD).

Adobe has addressed this vulnerability in subsequent releases after versions 6.5.7.0, 6.4.8.3, and 6.3.3.8. Users should upgrade to the latest version of Adobe Experience Manager to mitigate this vulnerability (Adobe Security Bulletin).