Adobe Experience Manager 6.5.23 and earlier: Malicious Scripts Can Be Injected

Summary

Adobe Experience Manager versions 6.5.23 and earlier have a security weakness that allows an attacker to inject malicious code into a user's browser. This could happen if a user interacts with a specially crafted form on a vulnerable page. To protect your site, update to the latest version of Adobe Experience Manager.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
adobe	experience_manager	<= 6.5.24	–
adobe	experience_manager	<= 2026.2.0	–
adobe	experience_manager	6.5	–
adobe	experience_manager	6.5	–
adobe	experience_manager	<= 6.5.24.0	–

Original title

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts ...

Original description

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

nvd CVSS3.1 5.4

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://helpx.adobe.com/security/products/experience-manager/apsb26-24.html