Vulnerability Change Records for CVE-2022-24874

Change History

CVE Modified by GitHub, Inc. 4/22/2022 5:15:10 PM

Action: Changed
Type: Description
Old Value: acs commons is an open source framework for AEM projects. ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in `/apps/acs-commons/content/page-compare.html` endpoint via the `a` and `b` GET parameters. User input submitted via these parameters is not validated or sanitized. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. The exploitation of this issue requires user interaction in order to be successful. This issue has been resolved in 5.2.0. There are no known workarounds for this issue.
New Value: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-28820. Reason: This candidate is a reservation duplicate of CVE-2022-28820. Notes: All CVE users should reference CVE-2022-28820 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Action: Removed
Type: CVSS V3.1
Old Value: GitHub, Inc. AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Action: Removed
Type: CWE
Old Value: GitHub, Inc. CWE-79

Action: Removed
Type: Reference
Old Value: https://github.com/Adobe-Consulting-Services/acs-aem-commons/commit/ff15e21e422f9de40164639e2d636c3c0d340080 [No Types Assigned]

Action: Removed
Type: Reference
Old Value: https://github.com/Adobe-Consulting-Services/acs-aem-commons/security/advisories/GHSA-w5m2-299g-rff5 [No Types Assigned]

Action: Removed
Type: Reference
Old Value: https://mvnrepository.com/artifact/com.adobe.acs/acs-aem-commons [No Types Assigned]