CVE-2025-64888
published 2025-12-10CVE-2025-64888: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a manipulated web page.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | adobe_experience_manager | <= 6.5.23 | — |
| adobe | experience_manager | < 6.5.24.0 | 6.5.24.0 |
| adobe | experience_manager | < 2025.12.0 | 2025.12.0 |
| adobe | experience_manager | — | — |