Adobe Experience Manager vulnerabilities

1,088 known vulnerabilities affecting adobe/experience_manager.

Total CVEs

1,088

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL11HIGH27MEDIUM1042LOW8

Vulnerabilities

Page 7 of 55

CVE-2025-64875MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64875 [MEDIUM] CWE-79 CVE-2025-64875: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64611MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64611 [MEDIUM] CWE-79 CVE-2025-64611: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64803MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64803 [MEDIUM] CWE-79 CVE-2025-64803: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64553MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64553 [MEDIUM] CWE-79 CVE-2025-64553: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64545MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64545 [MEDIUM] CWE-79 CVE-2025-64545: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scriptin Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a m

nvd

CVE-2025-64829MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64829 [MEDIUM] CWE-79 CVE-2025-64829: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64613MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64613 [MEDIUM] CWE-79 CVE-2025-64613: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64821MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64821 [MEDIUM] CWE-79 CVE-2025-64821: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64609MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64609 [MEDIUM] CWE-79 CVE-2025-64609: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64590MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64590 [MEDIUM] CWE-79 CVE-2025-64590: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64861MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64861 [MEDIUM] CWE-79 CVE-2025-64861: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64585MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64585 [MEDIUM] CWE-79 CVE-2025-64585: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64794MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64794 [MEDIUM] CWE-79 CVE-2025-64794: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64797MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64797 [MEDIUM] CWE-79 CVE-2025-64797: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64558MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64558 [MEDIUM] CWE-79 CVE-2025-64558: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64808MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64808 [MEDIUM] CWE-79 CVE-2025-64808: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64598MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64598 [MEDIUM] CWE-79 CVE-2025-64598: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64790MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64790 [MEDIUM] CWE-79 CVE-2025-64790: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64619MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64619 [MEDIUM] CWE-79 CVE-2025-64619: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

CVE-2025-64626MEDIUMCVSS 5.4fixed in 6.5.24.0fixed in 2025.12.0+1 more2025-12-10

CVE-2025-64626 [MEDIUM] CWE-79 CVE-2025-64626: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting ( Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd

← Previous7 / 55Next →