Search criteria
3153 vulnerabilities found for experience_manager by adobe
FKIE_CVE-2025-64881
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:32
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64881",
"lastModified": "2025-12-12T17:32:08.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:34.460",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64875
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:32
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64875",
"lastModified": "2025-12-12T17:32:17.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:34.290",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64887
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:31
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a manipulated web page.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim\u0027s browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a manipulated web page."
}
],
"id": "CVE-2025-64887",
"lastModified": "2025-12-12T17:31:58.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:34.627",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64873
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:32
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64873",
"lastModified": "2025-12-12T17:32:34.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:34.130",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64888
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:31
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a manipulated web page.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim\u0027s browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a manipulated web page."
}
],
"id": "CVE-2025-64888",
"lastModified": "2025-12-12T17:31:30.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:34.787",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64858
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:33
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64858",
"lastModified": "2025-12-12T17:33:45.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:33.307",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64869
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:32
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64869",
"lastModified": "2025-12-12T17:32:54.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:33.810",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64861
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:33
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64861",
"lastModified": "2025-12-12T17:33:36.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:33.467",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64863
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:33
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64863",
"lastModified": "2025-12-12T17:33:20.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:33.643",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64857
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:33
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64857",
"lastModified": "2025-12-12T17:33:57.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:33.147",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64872
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 17:32
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64872",
"lastModified": "2025-12-12T17:32:25.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:33.970",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64850
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:08
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64850",
"lastModified": "2025-12-12T18:08:09.893",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:32.660",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64841
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:08
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64841",
"lastModified": "2025-12-12T18:08:36.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:32.193",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64840
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:08
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64840",
"lastModified": "2025-12-12T18:08:48.217",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:32.040",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64852
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:07
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64852",
"lastModified": "2025-12-12T18:07:25.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:32.823",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64853
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:07
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64853",
"lastModified": "2025-12-12T18:07:11.743",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:32.983",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64847
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:08
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64847",
"lastModified": "2025-12-12T18:08:20.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:32.503",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64845
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:08
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64845",
"lastModified": "2025-12-12T18:08:29.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:32.347",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64826
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:09
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64826",
"lastModified": "2025-12-12T18:09:44.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:31.230",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64825
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:09
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64825",
"lastModified": "2025-12-12T18:09:55.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:31.070",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64839
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:09
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64839",
"lastModified": "2025-12-12T18:09:10.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:31.883",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64833
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:08
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64833",
"lastModified": "2025-12-12T18:08:58.730",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:31.723",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64829
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:09
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64829",
"lastModified": "2025-12-12T18:09:26.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:31.560",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64827
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:09
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64827",
"lastModified": "2025-12-12T18:09:34.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:31.393",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64821
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:11
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64821",
"lastModified": "2025-12-12T18:11:23.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:30.603",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64822
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:10
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64822",
"lastModified": "2025-12-12T18:10:33.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:30.757",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64820
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:10
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64820",
"lastModified": "2025-12-12T18:10:58.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:30.440",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64817
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:11
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64817",
"lastModified": "2025-12-12T18:11:13.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:30.287",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64823
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:10
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64823",
"lastModified": "2025-12-12T18:10:26.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:30.913",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64814
Vulnerability from fkie_nvd - Published: 2025-12-10 19:16 - Updated: 2025-12-12 18:11
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
| Source | URL | Tags |
|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | * |
| adobe | experience_manager | * |
| adobe | experience_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411",
"versionEndExcluding": "6.5.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5",
"versionEndExcluding": "2025.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"id": "CVE-2025-64814",
"lastModified": "2025-12-12T18:11:05.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@adobe.com",
"type": "Primary"
}
]
},
"published": "2025-12-10T19:16:30.130",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@adobe.com",
"type": "Primary"
}
]
}