Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage.

Basic Information

ID CVE-2026-34625

Source adobe

Published Apr 14, 2026 at 18:26

Modified Apr 14, 2026 at 19:38

Affected Product

Vendor Adobe

Product Adobe Experience Manager

Affected Versions Adobe Adobe Experience Manager 0

CWE Classification

CWE-79

References

helpx.adobe.com /security/products/aem-screens/apsb26-34.html

{
    "lastseen": "",
    "description": "Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage.",
    "published": "2026-04-14T18:26:01.009Z",
    "modified": "2026-04-14T19:38:42.488Z",
    "type": "cve",
    "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/aem-screens/apsb26-34.html",
    "id": "CVE-2026-34625",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Adobe Adobe Experience Manager 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Adobe Experience Manager",
    "version": "0",
    "vendor": "Adobe",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)_CVE-2026-34625