Adobe Experience Manager vulnerabilities

962 known vulnerabilities affecting adobe/adobe_experience_manager.

Total CVEs

962

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL8HIGH14MEDIUM932LOW8

Vulnerabilities

Page 4 of 49

CVE-2025-64620MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64620 [MEDIUM] CWE-79 CVE-2025-64620: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64544MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64544 [MEDIUM] CWE-79 CVE-2025-64544: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a m

nvd

CVE-2025-64575MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64575 [MEDIUM] CWE-79 CVE-2025-64575: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64559MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64559 [MEDIUM] CWE-79 CVE-2025-64559: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64614MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64614 [MEDIUM] CWE-79 CVE-2025-64614: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64574MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64574 [MEDIUM] CWE-79 CVE-2025-64574: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64858MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64858 [MEDIUM] CWE-79 CVE-2025-64858: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64820MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64820 [MEDIUM] CWE-79 CVE-2025-64820: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64888MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64888 [MEDIUM] CWE-79 CVE-2025-64888: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a m

nvd

CVE-2025-64823MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64823 [MEDIUM] CWE-79 CVE-2025-64823: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64872MEDIUMCVSS 4.8≤ 6.5.232025-12-10

CVE-2025-64872 [MEDIUM] CWE-79 CVE-2025-64872: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64581MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64581 [MEDIUM] CWE-79 CVE-2025-64581: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64802MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64802 [MEDIUM] CWE-79 CVE-2025-64802: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64556MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64556 [MEDIUM] CWE-79 CVE-2025-64556: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64622MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64622 [MEDIUM] CWE-79 CVE-2025-64622: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64594MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64594 [MEDIUM] CWE-79 CVE-2025-64594: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64841MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64841 [MEDIUM] CWE-79 CVE-2025-64841: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64600MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64600 [MEDIUM] CWE-79 CVE-2025-64600: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64557MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64557 [MEDIUM] CWE-79 CVE-2025-64557: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64546MEDIUMCVSS 5.4≤ 6.5.232025-12-10

CVE-2025-64546 [MEDIUM] CWE-79 CVE-2025-64546: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

← Previous4 / 49Next →