{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T20:21:00.928","vulnerabilities":[{"cve":{"id":"CVE-2021-21043","sourceIdentifier":"psirt@adobe.com","published":"2021-02-02T23:15:12.813","lastModified":"2024-11-21T05:47:27.480","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful."},{"lang":"es","value":"La versión 4.9.2 de ACS Commons (y anteriores) sufre una vulnerabilidad de secuencias de comandos cruzadas (XSS) reflejadas en version-compare y page-compare debido a caracteres JCR no válidos que no se manejan correctamente. Un atacante podría explotar esta vulnerabilidad para inyectar contenido JavaScript malicioso en los campos de formulario vulnerables y ejecutarlo dentro del contexto del navegador de la víctima. La explotación de este problema requiere la interacción del usuario para tener éxito"}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:adobe_consulting_services_commons:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.2","matchCriteriaId":"E4B7343B-0A3E-49E7-B85D-88B4A4EBA4EF"}]}]}],"references":[{"url":"https://github.com/Adobe-Consulting-Services/acs-aem-commons/security/advisories/GHSA-f92j-qf46-p6vm","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"https://github.com/Adobe-Consulting-Services/acs-aem-commons/security/advisories/GHSA-f92j-qf46-p6vm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}