Adobe Experience Manager vulnerabilities

1,088 known vulnerabilities affecting adobe/experience_manager.

Total CVEs

1,088

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL11HIGH27MEDIUM1042LOW8

Vulnerabilities

Page 13 of 55

CVE-2025-46872MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46872 [MEDIUM] CWE-79 CVE-2025-46872: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-47088MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-47088 [MEDIUM] CWE-79 CVE-2025-47088: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-47072MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-47072 [MEDIUM] CWE-79 CVE-2025-47072: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-47057MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-47057 [MEDIUM] CWE-79 CVE-2025-47057: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-46947MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46947 [MEDIUM] CWE-79 CVE-2025-46947: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-46912MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46912 [MEDIUM] CWE-79 CVE-2025-46912: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-46941MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46941 [MEDIUM] CWE-79 CVE-2025-46941: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-47038MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-47038 [MEDIUM] CWE-79 CVE-2025-47038: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-47025MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-47025 [MEDIUM] CWE-79 CVE-2025-47025: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-46968MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46968 [MEDIUM] CWE-79 CVE-2025-46968: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-46992MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46992 [MEDIUM] CWE-79 CVE-2025-46992: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-46884MEDIUMCVSS 4.8fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46884 [MEDIUM] CWE-79 CVE-2025-46884: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-47010MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-47010 [MEDIUM] CWE-79 CVE-2025-47010: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-46841MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46841 [MEDIUM] CWE-79 CVE-2025-46841: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-46890MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46890 [MEDIUM] CWE-79 CVE-2025-46890: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-47013MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-47013 [MEDIUM] CWE-79 CVE-2025-47013: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-46909MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46909 [MEDIUM] CWE-79 CVE-2025-46909: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-47003MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-47003 [MEDIUM] CWE-79 CVE-2025-47003: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-46997MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-46997 [MEDIUM] CWE-79 CVE-2025-46997: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-47048MEDIUMCVSS 5.4fixed in 6.5.23.0fixed in 2025.5.02025-06-10

CVE-2025-47048 [MEDIUM] CWE-79 CVE-2025-47048: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

← Previous13 / 55Next →