CVE-2021-44177: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) Cloud Service and versions 6.5.10.0 and below were identified with a stored Cross-Site Scripting (XSS) vulnerability (CVE-2021-44177). The vulnerability was disclosed on January 13, 2022, affecting Adobe's Experience Manager platform (NVD CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that allows attackers to inject malicious scripts into vulnerable form fields. The severity assessment varies, with Adobe Systems rating it as HIGH with a CVSS v3.1 Base Score of 8.1 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N), while NVD rates it as MEDIUM with a CVSS v3.1 Base Score of 6.1 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) (NVD CVE).

When exploited, the vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the compromised field. This could potentially lead to unauthorized access to user data and compromise of user sessions (NVD CVE).

Adobe has addressed this vulnerability in subsequent releases after version 6.5.10.0. Users are advised to update to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Advisory).