Adobe Experience Manager vulnerabilities

1,088 known vulnerabilities affecting adobe/experience_manager.

Total CVEs

1,088

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL11HIGH27MEDIUM1042LOW8

Vulnerabilities

Page 4 of 55

CVE-2025-64614MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64614 [MEDIUM] CWE-79 CVE-2025-64614: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64574MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64574 [MEDIUM] CWE-79 CVE-2025-64574: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64858MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64858 [MEDIUM] CWE-79 CVE-2025-64858: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64820MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64820 [MEDIUM] CWE-79 CVE-2025-64820: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64888MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64888 [MEDIUM] CWE-79 CVE-2025-64888: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a m

nvd

CVE-2025-64823MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64823 [MEDIUM] CWE-79 CVE-2025-64823: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64872MEDIUMCVSS 4.8fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64872 [MEDIUM] CWE-79 CVE-2025-64872: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64581MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64581 [MEDIUM] CWE-79 CVE-2025-64581: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64802MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64802 [MEDIUM] CWE-79 CVE-2025-64802: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64556MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64556 [MEDIUM] CWE-79 CVE-2025-64556: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64622MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64622 [MEDIUM] CWE-79 CVE-2025-64622: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64594MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64594 [MEDIUM] CWE-79 CVE-2025-64594: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64841MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64841 [MEDIUM] CWE-79 CVE-2025-64841: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64600MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64600 [MEDIUM] CWE-79 CVE-2025-64600: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64557MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64557 [MEDIUM] CWE-79 CVE-2025-64557: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64546MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64546 [MEDIUM] CWE-79 CVE-2025-64546: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64597MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64597 [MEDIUM] CWE-79 CVE-2025-64597: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64605MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64605 [MEDIUM] CWE-79 CVE-2025-64605: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64549MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64549 [MEDIUM] CWE-79 CVE-2025-64549: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64554MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64554 [MEDIUM] CWE-79 CVE-2025-64554: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

← Previous4 / 55Next →