CVE-2021-44176: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) Cloud Service and version 6.5.10.0 (and below) were found to contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-44176. The vulnerability was disclosed on January 13, 2022, affecting multiple versions of Adobe Experience Manager, including both cloud and on-premise deployments (NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that allows attackers to inject malicious scripts into vulnerable form fields. The severity of this vulnerability has been rated with a CVSS v3.1 Base Score of 6.1 (MEDIUM) by NIST and 8.1 (HIGH) by Adobe Systems, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD).

When exploited, the vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the compromised field. This could potentially lead to unauthorized access to sensitive information, session hijacking, or other client-side attacks (NVD).

Adobe has addressed this vulnerability in subsequent releases after version 6.5.10.0. Users are advised to update to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Advisory).