Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.

Basic Information

ID CVE-2026-47935

Source adobe

Published Jun 9, 2026 at 16:48

Affected Product

Vendor Adobe

Product Adobe Experience Manager

Affected Versions Adobe Adobe Experience Manager 0

CWE Classification

CWE-79

References

helpx.adobe.com /security/products/experience-manager/apsb26-56.html

{
    "lastseen": "",
    "description": "Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.",
    "published": "2026-06-09T16:48:59.122Z",
    "modified": "2026-06-09T16:48:59.122Z",
    "type": "cve",
    "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html",
    "id": "CVE-2026-47935",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Adobe Adobe Experience Manager 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Adobe Experience Manager",
    "version": "0",
    "vendor": "Adobe",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)_CVE-2026-47935