CVE-2021-43764: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2021-43764 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager's Cloud Service offering and version 6.5.10.0 (and below). The vulnerability was published on January 13, 2022, and allows attackers to inject malicious scripts into vulnerable form fields (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has received varying CVSS severity scores, with the NVD assigning a CVSS v3.1 Base Score of 5.4 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Adobe Systems assigned a higher score of 8.0 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the vulnerable field. The attack can lead to compromise of user data and potential manipulation of browser content within the context of the affected site (NVD).

Adobe has addressed this vulnerability in versions after 6.5.10.0 of Experience Manager and in updated versions of the Cloud Service offering (Adobe Advisory).