Adobe Experience Manager vulnerabilities

962 known vulnerabilities affecting adobe/adobe_experience_manager.

Total CVEs

962

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL8HIGH14MEDIUM932LOW8

Vulnerabilities

Page 2 of 49

CVE-2026-27255MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27255 [MEDIUM] CWE-79 CVE-2026-27255: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27229MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27229 [MEDIUM] CWE-79 CVE-2026-27229: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27250MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27250 [MEDIUM] CWE-79 CVE-2026-27250: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27241MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27241 [MEDIUM] CWE-79 CVE-2026-27241: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27253MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27253 [MEDIUM] CWE-79 CVE-2026-27253: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27235MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27235 [MEDIUM] CWE-79 CVE-2026-27235: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27240MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27240 [MEDIUM] CWE-79 CVE-2026-27240: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27230MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27230 [MEDIUM] CWE-79 CVE-2026-27230: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27248MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27248 [MEDIUM] CWE-79 CVE-2026-27248: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27262MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27262 [MEDIUM] CWE-79 CVE-2026-27262: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27237MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27237 [MEDIUM] CWE-79 CVE-2026-27237: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27224MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27224 [MEDIUM] CWE-79 CVE-2026-27224: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27232MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27232 [MEDIUM] CWE-79 CVE-2026-27232: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27251MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27251 [MEDIUM] CWE-79 CVE-2026-27251: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27223MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27223 [MEDIUM] CWE-79 CVE-2026-27223: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27257MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27257 [MEDIUM] CWE-79 CVE-2026-27257: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27242MEDIUMCVSS 5.4≤ 6.5.232026-03-11

CVE-2026-27242 [MEDIUM] CWE-79 CVE-2026-27242: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64538CRITICALCVSS 9.3≤ 6.5.232025-12-10

CVE-2025-64538 [CRITICAL] CWE-79 CVE-2025-64538: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse t

nvd

CVE-2025-64539CRITICALCVSS 9.3≤ 6.5.232025-12-10

CVE-2025-64539 [CRITICAL] CWE-79 CVE-2025-64539: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse t

nvd

CVE-2025-64537CRITICALCVSS 9.3≤ 6.5.232025-12-10

CVE-2025-64537 [CRITICAL] CWE-79 CVE-2025-64537: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse t

nvd

← Previous2 / 49Next →