CVE 5.4 MEDIUM

Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)_CVE-2026-48304

June 9, 2026 invoker category_cve
5.4 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

Basic Information

ID CVE-2026-48304
Source adobe
Published Jun 9, 2026 at 16:48
Modified Jun 9, 2026 at 18:27

Affected Product

Vendor Adobe
Product Adobe Experience Manager
Affected Versions Adobe Adobe Experience Manager 0

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.