CVE-2026-27259

MEDIUM

Adobe Experience Manager <6.5.23 - XSS

Title source: llm

Description

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

References (1)

Scores

CVSS v3 5.4
EPSS 0.0003
EPSS Percentile 7.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status draft

Affected Products (4)

adobe/experience_manager < 6.5.24
adobe/experience_manager < 2026.02.0
adobe/experience_manager
adobe/experience_manager

Timeline

Published Mar 11, 2026
Tracked Since Mar 11, 2026