Adobe Experience Manager vulnerabilities

1,088 known vulnerabilities affecting adobe/experience_manager.

Total CVEs

1,088

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL11HIGH27MEDIUM1042LOW8

Vulnerabilities

Page 2 of 55

CVE-2026-27253MEDIUMCVSS 5.4fixed in 6.5.24fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27253 [MEDIUM] CWE-79 CVE-2026-27253: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27235MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27235 [MEDIUM] CWE-79 CVE-2026-27235: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27240MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27240 [MEDIUM] CWE-79 CVE-2026-27240: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27230MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27230 [MEDIUM] CWE-79 CVE-2026-27230: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27248MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27248 [MEDIUM] CWE-79 CVE-2026-27248: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27262MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27262 [MEDIUM] CWE-79 CVE-2026-27262: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27237MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27237 [MEDIUM] CWE-79 CVE-2026-27237: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27224MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27224 [MEDIUM] CWE-79 CVE-2026-27224: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27232MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27232 [MEDIUM] CWE-79 CVE-2026-27232: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27251MEDIUMCVSS 5.4fixed in 6.5.24fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27251 [MEDIUM] CWE-79 CVE-2026-27251: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27223MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27223 [MEDIUM] CWE-79 CVE-2026-27223: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27257MEDIUMCVSS 5.4fixed in 6.5.24fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27257 [MEDIUM] CWE-79 CVE-2026-27257: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2026-27242MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2026.2.0+1 more2026-03-11

CVE-2026-27242 [MEDIUM] CWE-79 CVE-2026-27242: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64538CRITICALCVSS 9.3fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64538 [CRITICAL] CWE-79 CVE-2025-64538: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse t

nvd

CVE-2025-64539CRITICALCVSS 9.3fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64539 [CRITICAL] CWE-79 CVE-2025-64539: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse t

nvd

CVE-2025-64537CRITICALCVSS 9.3fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64537 [CRITICAL] CWE-79 CVE-2025-64537: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse t

nvd

CVE-2025-64548MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64548 [MEDIUM] CWE-79 CVE-2025-64548: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64551MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64551 [MEDIUM] CWE-79 CVE-2025-64551: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a m

nvd

CVE-2025-64822MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64822 [MEDIUM] CWE-79 CVE-2025-64822: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64577MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64577 [MEDIUM] CWE-79 CVE-2025-64577: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

← Previous2 / 55Next →