Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page.

Basic Information

ID CVE-2025-47054

Source adobe

Published Aug 20, 2025 at 17:08

Modified Aug 20, 2025 at 17:33

Affected Product

Vendor Adobe

Product Adobe Experience Manager

Affected Versions Adobe Adobe Experience Manager 0

CWE Classification

CWE-79

References

helpx.adobe.com /security/products/experience-manager/apsb25-48.html

{
    "lastseen": "",
    "description": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page.",
    "published": "2025-08-20T17:08:07.712Z",
    "modified": "2025-08-20T17:33:00.814Z",
    "type": "cve",
    "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html",
    "id": "CVE-2025-47054",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Adobe Adobe Experience Manager 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Adobe Experience Manager",
    "version": "0",
    "vendor": "Adobe",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)_CVE-2025-47054