Adobe Experience Manager vulnerabilities

1,088 known vulnerabilities affecting adobe/experience_manager.

Total CVEs

1,088

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL11HIGH27MEDIUM1042LOW8

Vulnerabilities

Page 5 of 55

CVE-2025-64789MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64789 [MEDIUM] CWE-79 CVE-2025-64789: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64863MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64863 [MEDIUM] CWE-79 CVE-2025-64863: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64793MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64793 [MEDIUM] CWE-79 CVE-2025-64793: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64839MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64839 [MEDIUM] CWE-79 CVE-2025-64839: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64578MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64578 [MEDIUM] CWE-79 CVE-2025-64578: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64817MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64817 [MEDIUM] CWE-79 CVE-2025-64817: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64572MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64572 [MEDIUM] CWE-79 CVE-2025-64572: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64580MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64580 [MEDIUM] CWE-79 CVE-2025-64580: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64623MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64623 [MEDIUM] CWE-79 CVE-2025-64623: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64852MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64852 [MEDIUM] CWE-79 CVE-2025-64852: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64792MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64792 [MEDIUM] CWE-79 CVE-2025-64792: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64615MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64615 [MEDIUM] CWE-79 CVE-2025-64615: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64873MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64873 [MEDIUM] CWE-79 CVE-2025-64873: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64881MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64881 [MEDIUM] CWE-79 CVE-2025-64881: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64601MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64601 [MEDIUM] CWE-79 CVE-2025-64601: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64627MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64627 [MEDIUM] CWE-79 CVE-2025-64627: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64541MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64541 [MEDIUM] CWE-79 CVE-2025-64541: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64612MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64612 [MEDIUM] CWE-79 CVE-2025-64612: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64563MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64563 [MEDIUM] CWE-79 CVE-2025-64563: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a m

nvd

CVE-2025-64847MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64847 [MEDIUM] CWE-79 CVE-2025-64847: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

← Previous5 / 55Next →