CVE-2021-44178: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2021-44178 is a reflected Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager's Cloud Service offering and version 6.5.10.0 (and below). The vulnerability specifically involves the itemResourceType parameter. This security issue was disclosed and published on January 13, 2022 (NVD).

The vulnerability is classified as a Cross-Site Scripting (XSS) vulnerability (CWE-79) with a CVSS v3.1 base score of 6.1 (Medium) according to NIST, and 5.4 (Medium) according to Adobe Systems. The CVSS v2.0 base score is 4.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability allows an attacker to execute malicious JavaScript content within the context of the victim's browser when they visit a URL referencing a vulnerable page (NVD).

Adobe has addressed this vulnerability in subsequent releases after version 6.5.10.0. Users are advised to update to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Advisory).