Authors:Nagamarimuthu Risk：High CVE：CVE-2018-4937 0day:HTML Injection 0day-id:0DAY-4931 Date：2018-04-12
Adobe Experience Manager is prone to a HTML-injection vulnerability because it fails to sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Adobe Experience Manager 6.1 and prior versions are vulnerable.
Adobe Experience Manager 6.1
Adobe Experience Manager 6.0