Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2025-1285
Vulnerability from csaf_certbund
Published
2025-06-10 22:00
Modified
2025-07-30 22:00
Summary
Adobe Experience Manager: Mehrere Schwachstellen ermöglichen Privilegieneskalation
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Adobe Experience Manager (AEM) ist eine Content-Management-Lösung für die Erstellung von Websites, mobilen Anwendungen und Formularen.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Adobe Experience Manager ausnutzen, Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Adobe Experience Manager (AEM) ist eine Content-Management-L\u00f6sung f\u00fcr die Erstellung von Websites, mobilen Anwendungen und Formularen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Adobe Experience Manager ausnutzen, Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2025-1285 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1285.json" }, { "category": "self", "summary": "WID-SEC-2025-1285 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1285" }, { "category": "external", "summary": "Adobe Security Bulletin APSB25-48 vom 2025-06-10", "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source_lang": "en-US", "title": "Adobe Experience Manager: Mehrere Schwachstellen erm\u00f6glichen Privilegieneskalation", "tracking": { "current_release_date": "2025-07-30T22:00:00.000+00:00", "generator": { "date": "2025-07-31T08:09:31.842+00:00", "engine": { "name": "BSI-WID", "version": "1.4.0" } }, "id": "WID-SEC-W-2025-1285", "initial_release_date": "2025-06-10T22:00:00.000+00:00", "revision_history": [ { "date": "2025-06-10T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2025-07-16T22:00:00.000+00:00", "number": "2", "summary": "CVE erg\u00e4nzt" }, { "date": "2025-07-24T22:00:00.000+00:00", "number": "3", "summary": "CVE-Nummern erg\u00e4nzt" }, { "date": "2025-07-30T22:00:00.000+00:00", "number": "4", "summary": "CVE erg\u00e4nzt" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Cloud Service Release \u003c2025.5", "product": { "name": "Adobe Experience Manager Cloud Service Release \u003c2025.5", "product_id": "T044487" } }, { "category": "product_version", "name": "Cloud Service Release 2025.5", "product": { "name": "Adobe Experience Manager Cloud Service Release 2025.5", "product_id": "T044487-fixed", "product_identification_helper": { "cpe": "cpe:/a:adobe:experience_manager:cloud_service_release__2025.5" } } }, { "category": "product_version_range", "name": "\u003c6.5.23", "product": { "name": "Adobe Experience Manager \u003c6.5.23", "product_id": "T044488" } }, { "category": "product_version", "name": "6.5.23", "product": { "name": "Adobe Experience Manager 6.5.23", "product_id": "T044488-fixed", "product_identification_helper": { "cpe": "cpe:/a:adobe:experience_manager:6.5.23" } } } ], "category": "product_name", "name": "Experience Manager" } ], "category": "vendor", "name": "Adobe" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-25690", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2023-25690" }, { "cve": "CVE-2025-46837", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46837" }, { "cve": "CVE-2025-46838", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46838" }, { "cve": "CVE-2025-46840", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46840" }, { "cve": "CVE-2025-46841", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46841" }, { "cve": "CVE-2025-46842", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46842" }, { "cve": "CVE-2025-46843", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46843" }, { "cve": "CVE-2025-46844", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46844" }, { "cve": "CVE-2025-46845", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46845" }, { "cve": "CVE-2025-46846", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46846" }, { "cve": "CVE-2025-46847", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46847" }, { "cve": "CVE-2025-46848", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46848" }, { "cve": "CVE-2025-46850", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46850" }, { "cve": "CVE-2025-46851", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46851" }, { "cve": "CVE-2025-46853", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46853" }, { "cve": "CVE-2025-46854", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46854" }, { "cve": "CVE-2025-46855", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46855" }, { "cve": "CVE-2025-46857", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46857" }, { "cve": "CVE-2025-46858", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46858" }, { "cve": "CVE-2025-46859", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46859" }, { "cve": "CVE-2025-46860", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46860" }, { "cve": "CVE-2025-46861", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46861" }, { "cve": "CVE-2025-46862", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46862" }, { "cve": "CVE-2025-46863", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46863" }, { "cve": "CVE-2025-46864", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46864" }, { "cve": "CVE-2025-46865", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46865" }, { "cve": "CVE-2025-46866", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46866" }, { "cve": "CVE-2025-46870", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46870" }, { "cve": "CVE-2025-46871", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46871" }, { "cve": "CVE-2025-46872", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46872" }, { "cve": "CVE-2025-46873", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46873" }, { "cve": "CVE-2025-46874", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46874" }, { "cve": "CVE-2025-46875", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46875" }, { "cve": "CVE-2025-46876", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46876" }, { "cve": "CVE-2025-46877", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46877" }, { "cve": "CVE-2025-46878", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46878" }, { "cve": "CVE-2025-46879", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46879" }, { "cve": "CVE-2025-46880", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46880" }, { "cve": "CVE-2025-46881", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46881" }, { "cve": "CVE-2025-46882", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46882" }, { "cve": "CVE-2025-46883", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46883" }, { "cve": "CVE-2025-46884", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46884" }, { "cve": "CVE-2025-46885", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46885" }, { "cve": "CVE-2025-46886", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46886" }, { "cve": "CVE-2025-46887", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46887" }, { "cve": "CVE-2025-46888", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46888" }, { "cve": "CVE-2025-46889", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46889" }, { "cve": "CVE-2025-46890", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46890" }, { "cve": "CVE-2025-46891", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46891" }, { "cve": "CVE-2025-46892", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46892" }, { "cve": "CVE-2025-46893", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46893" }, { "cve": "CVE-2025-46894", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46894" }, { "cve": "CVE-2025-46895", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46895" }, { "cve": "CVE-2025-46898", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46898" }, { "cve": "CVE-2025-46899", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46899" }, { "cve": "CVE-2025-46900", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46900" }, { "cve": "CVE-2025-46901", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46901" }, { "cve": "CVE-2025-46902", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46902" }, { "cve": "CVE-2025-46903", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46903" }, { "cve": "CVE-2025-46904", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46904" }, { "cve": "CVE-2025-46905", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46905" }, { "cve": "CVE-2025-46906", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46906" }, { "cve": "CVE-2025-46907", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46907" }, { "cve": "CVE-2025-46908", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46908" }, { "cve": "CVE-2025-46909", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46909" }, { "cve": "CVE-2025-46910", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46910" }, { "cve": "CVE-2025-46911", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46911" }, { "cve": "CVE-2025-46912", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46912" }, { "cve": "CVE-2025-46913", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46913" }, { "cve": "CVE-2025-46914", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46914" }, { "cve": "CVE-2025-46915", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46915" }, { "cve": "CVE-2025-46916", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46916" }, { "cve": "CVE-2025-46917", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46917" }, { "cve": "CVE-2025-46918", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46918" }, { "cve": "CVE-2025-46919", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46919" }, { "cve": "CVE-2025-46920", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46920" }, { "cve": "CVE-2025-46922", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46922" }, { "cve": "CVE-2025-46923", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46923" }, { "cve": "CVE-2025-46924", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46924" }, { "cve": "CVE-2025-46926", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46926" }, { "cve": "CVE-2025-46927", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46927" }, { "cve": "CVE-2025-46929", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46929" }, { "cve": "CVE-2025-46930", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46930" }, { "cve": "CVE-2025-46931", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46931" }, { "cve": "CVE-2025-46933", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46933" }, { "cve": "CVE-2025-46934", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46934" }, { "cve": "CVE-2025-46935", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46935" }, { "cve": "CVE-2025-46939", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46939" }, { "cve": "CVE-2025-46940", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46940" }, { "cve": "CVE-2025-46941", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46941" }, { "cve": "CVE-2025-46942", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46942" }, { "cve": "CVE-2025-46943", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46943" }, { "cve": "CVE-2025-46944", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46944" }, { "cve": "CVE-2025-46945", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46945" }, { "cve": "CVE-2025-46946", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46946" }, { "cve": "CVE-2025-46947", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46947" }, { "cve": "CVE-2025-46948", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46948" }, { "cve": "CVE-2025-46949", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46949" }, { "cve": "CVE-2025-46950", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46950" }, { "cve": "CVE-2025-46951", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46951" }, { "cve": "CVE-2025-46952", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46952" }, { "cve": "CVE-2025-46953", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46953" }, { "cve": "CVE-2025-46954", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46954" }, { "cve": "CVE-2025-46955", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46955" }, { "cve": "CVE-2025-46956", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46956" }, { "cve": "CVE-2025-46957", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46957" }, { "cve": "CVE-2025-46958", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46958" }, { "cve": "CVE-2025-46959", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46959" }, { "cve": "CVE-2025-46960", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46960" }, { "cve": "CVE-2025-46963", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46963" }, { "cve": "CVE-2025-46964", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46964" }, { "cve": "CVE-2025-46965", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46965" }, { "cve": "CVE-2025-46966", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46966" }, { "cve": "CVE-2025-46967", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46967" }, { "cve": "CVE-2025-46968", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46968" }, { "cve": "CVE-2025-46970", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46970" }, { "cve": "CVE-2025-46971", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46971" }, { "cve": "CVE-2025-46972", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46972" }, { "cve": "CVE-2025-46973", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46973" }, { "cve": "CVE-2025-46974", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46974" }, { "cve": "CVE-2025-46975", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46975" }, { "cve": "CVE-2025-46976", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46976" }, { "cve": "CVE-2025-46977", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46977" }, { "cve": "CVE-2025-46978", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46978" }, { "cve": "CVE-2025-46979", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46979" }, { "cve": "CVE-2025-46981", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46981" }, { "cve": "CVE-2025-46982", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46982" }, { "cve": "CVE-2025-46983", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46983" }, { "cve": "CVE-2025-46984", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46984" }, { "cve": "CVE-2025-46985", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46985" }, { "cve": "CVE-2025-46986", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46986" }, { "cve": "CVE-2025-46987", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46987" }, { "cve": "CVE-2025-46988", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46988" }, { "cve": "CVE-2025-46989", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46989" }, { "cve": "CVE-2025-46990", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46990" }, { "cve": "CVE-2025-46991", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46991" }, { "cve": "CVE-2025-46992", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46992" }, { "cve": "CVE-2025-46993", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46993" }, { "cve": "CVE-2025-46995", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46995" }, { "cve": "CVE-2025-46996", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46996" }, { "cve": "CVE-2025-46997", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46997" }, { "cve": "CVE-2025-46999", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-46999" }, { "cve": "CVE-2025-47000", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47000" }, { "cve": "CVE-2025-47001", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47001" }, { "cve": "CVE-2025-47002", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47002" }, { "cve": "CVE-2025-47003", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47003" }, { "cve": "CVE-2025-47004", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47004" }, { "cve": "CVE-2025-47005", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47005" }, { "cve": "CVE-2025-47006", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47006" }, { "cve": "CVE-2025-47007", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47007" }, { "cve": "CVE-2025-47008", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47008" }, { "cve": "CVE-2025-47010", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47010" }, { "cve": "CVE-2025-47011", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47011" }, { "cve": "CVE-2025-47012", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47012" }, { "cve": "CVE-2025-47013", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47013" }, { "cve": "CVE-2025-47014", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47014" }, { "cve": "CVE-2025-47015", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47015" }, { "cve": "CVE-2025-47016", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47016" }, { "cve": "CVE-2025-47017", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47017" }, { "cve": "CVE-2025-47019", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47019" }, { "cve": "CVE-2025-47020", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47020" }, { "cve": "CVE-2025-47021", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47021" }, { "cve": "CVE-2025-47022", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47022" }, { "cve": "CVE-2025-47025", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47025" }, { "cve": "CVE-2025-47026", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47026" }, { "cve": "CVE-2025-47027", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47027" }, { "cve": "CVE-2025-47029", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47029" }, { "cve": "CVE-2025-47030", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47030" }, { "cve": "CVE-2025-47031", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47031" }, { "cve": "CVE-2025-47032", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47032" }, { "cve": "CVE-2025-47033", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47033" }, { "cve": "CVE-2025-47034", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47034" }, { "cve": "CVE-2025-47035", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47035" }, { "cve": "CVE-2025-47036", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47036" }, { "cve": "CVE-2025-47037", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47037" }, { "cve": "CVE-2025-47038", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47038" }, { "cve": "CVE-2025-47039", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47039" }, { "cve": "CVE-2025-47040", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47040" }, { "cve": "CVE-2025-47041", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47041" }, { "cve": "CVE-2025-47042", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47042" }, { "cve": "CVE-2025-47044", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47044" }, { "cve": "CVE-2025-47045", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47045" }, { "cve": "CVE-2025-47047", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47047" }, { "cve": "CVE-2025-47048", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47048" }, { "cve": "CVE-2025-47049", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47049" }, { "cve": "CVE-2025-47050", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47050" }, { "cve": "CVE-2025-47051", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47051" }, { "cve": "CVE-2025-47052", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47052" }, { "cve": "CVE-2025-47053", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47053" }, { "cve": "CVE-2025-47055", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47055" }, { "cve": "CVE-2025-47056", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47056" }, { "cve": "CVE-2025-47057", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47057" }, { "cve": "CVE-2025-47060", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47060" }, { "cve": "CVE-2025-47061", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47061" }, { "cve": "CVE-2025-47062", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47062" }, { "cve": "CVE-2025-47063", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47063" }, { "cve": "CVE-2025-47065", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47065" }, { "cve": "CVE-2025-47066", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47066" }, { "cve": "CVE-2025-47067", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47067" }, { "cve": "CVE-2025-47068", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47068" }, { "cve": "CVE-2025-47069", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47069" }, { "cve": "CVE-2025-47070", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47070" }, { "cve": "CVE-2025-47071", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47071" }, { "cve": "CVE-2025-47072", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47072" }, { "cve": "CVE-2025-47073", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47073" }, { "cve": "CVE-2025-47074", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47074" }, { "cve": "CVE-2025-47075", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47075" }, { "cve": "CVE-2025-47076", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47076" }, { "cve": "CVE-2025-47077", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47077" }, { "cve": "CVE-2025-47078", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47078" }, { "cve": "CVE-2025-47079", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47079" }, { "cve": "CVE-2025-47080", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47080" }, { "cve": "CVE-2025-47081", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47081" }, { "cve": "CVE-2025-47082", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47082" }, { "cve": "CVE-2025-47083", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47083" }, { "cve": "CVE-2025-47084", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47084" }, { "cve": "CVE-2025-47085", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47085" }, { "cve": "CVE-2025-47086", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47086" }, { "cve": "CVE-2025-47087", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47087" }, { "cve": "CVE-2025-47088", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47088" }, { "cve": "CVE-2025-47089", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47089" }, { "cve": "CVE-2025-47090", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47090" }, { "cve": "CVE-2025-47091", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47091" }, { "cve": "CVE-2025-47092", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47092" }, { "cve": "CVE-2025-47093", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47093" }, { "cve": "CVE-2025-47094", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47094" }, { "cve": "CVE-2025-47095", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47095" }, { "cve": "CVE-2025-47096", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47096" }, { "cve": "CVE-2025-47100", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47100" }, { "cve": "CVE-2025-47102", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47102" }, { "cve": "CVE-2025-47113", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47113" }, { "cve": "CVE-2025-47114", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47114" }, { "cve": "CVE-2025-47115", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47115" }, { "cve": "CVE-2025-47116", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47116" }, { "cve": "CVE-2025-47117", "product_status": { "known_affected": [ "T044488", "T044487" ] }, "release_date": "2025-06-10T22:00:00.000+00:00", "title": "CVE-2025-47117" } ] }
CVE-2025-47084 (GCVE-0-2025-47084)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47084", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:24.878903Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:49:48.114Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:40.168Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47084", "datePublished": "2025-06-10T22:18:40.168Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T14:49:48.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46902 (GCVE-0-2025-46902)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46902", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:00:43.692306Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:45:23.951Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:12.587Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46902", "datePublished": "2025-06-10T22:19:12.587Z", "dateReserved": "2025-04-30T20:47:54.955Z", "dateUpdated": "2025-06-11T14:45:23.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47020 (GCVE-0-2025-47020)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47020", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:01:16.627883Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:46:05.344Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:07.826Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47020", "datePublished": "2025-06-10T22:19:07.826Z", "dateReserved": "2025-04-30T20:47:54.995Z", "dateUpdated": "2025-06-11T14:46:05.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46996 (GCVE-0-2025-46996)
Vulnerability from cvelistv5
Published
2025-07-24 15:43
Modified
2025-07-24 16:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46996", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-24T16:02:02.191498Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-24T16:02:59.162Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-24T15:43:33.250Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46996", "datePublished": "2025-07-24T15:43:33.250Z", "dateReserved": "2025-04-30T20:47:54.990Z", "dateUpdated": "2025-07-24T16:02:59.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47010 (GCVE-0-2025-47010)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47010", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:50.819826Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:19:54.122Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:54.223Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47010", "datePublished": "2025-06-10T22:17:54.223Z", "dateReserved": "2025-04-30T20:47:54.993Z", "dateUpdated": "2025-06-11T14:19:54.122Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46890 (GCVE-0-2025-46890)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 19:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46890", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T19:21:24.212083Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T19:21:39.778Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:41.989Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46890", "datePublished": "2025-06-10T22:19:41.989Z", "dateReserved": "2025-04-30T20:47:54.953Z", "dateUpdated": "2025-06-11T19:21:39.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47034 (GCVE-0-2025-47034)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47034", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:56:57.512099Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:39:20.761Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:53.021Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47034", "datePublished": "2025-06-10T22:19:53.021Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T14:39:20.761Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47049 (GCVE-0-2025-47049)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47049", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:38.315830Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:58:13.792Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim\u0027s browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 6.1, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 6.1, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:40.998Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47049", "datePublished": "2025-06-10T22:17:40.998Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T14:58:13.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46888 (GCVE-0-2025-46888)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46888", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:36:47.821349Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:54:08.212Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:28.661Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46888", "datePublished": "2025-06-10T22:19:28.661Z", "dateReserved": "2025-04-30T20:47:54.953Z", "dateUpdated": "2025-06-11T18:54:08.212Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47116 (GCVE-0-2025-47116)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47116", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:00:31.828361Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:45:12.250Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:14.145Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47116", "datePublished": "2025-06-10T22:19:14.145Z", "dateReserved": "2025-04-30T20:47:55.001Z", "dateUpdated": "2025-06-11T14:45:12.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46931 (GCVE-0-2025-46931)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46931", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:01:38.632181Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:46:33.592Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:04.769Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46931", "datePublished": "2025-06-10T22:19:04.769Z", "dateReserved": "2025-04-30T20:47:54.968Z", "dateUpdated": "2025-06-11T14:46:33.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47006 (GCVE-0-2025-47006)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47006", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:57:03.198215Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:39:28.594Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:52.198Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47006", "datePublished": "2025-06-10T22:19:52.198Z", "dateReserved": "2025-04-30T20:47:54.992Z", "dateUpdated": "2025-06-11T14:39:28.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47087 (GCVE-0-2025-47087)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47087", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:37.426074Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:53:50.296Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:13.169Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47087", "datePublished": "2025-06-10T22:18:13.169Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T14:53:50.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46846 (GCVE-0-2025-46846)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46846", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:03.284973Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:51:51.197Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:26.482Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46846", "datePublished": "2025-06-10T22:18:26.482Z", "dateReserved": "2025-04-30T20:47:54.945Z", "dateUpdated": "2025-06-11T14:51:51.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46914 (GCVE-0-2025-46914)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46914", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:11.311008Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:57:40.543Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:58.746Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46914", "datePublished": "2025-06-10T22:17:58.746Z", "dateReserved": "2025-04-30T20:47:54.964Z", "dateUpdated": "2025-06-11T14:57:40.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46900 (GCVE-0-2025-46900)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46900", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:00:53.411989Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:45:38.656Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:10.965Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46900", "datePublished": "2025-06-10T22:19:10.965Z", "dateReserved": "2025-04-30T20:47:54.954Z", "dateUpdated": "2025-06-11T14:45:38.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46948 (GCVE-0-2025-46948)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46948", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:01:28.020618Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:46:20.528Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:06.333Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46948", "datePublished": "2025-06-10T22:19:06.333Z", "dateReserved": "2025-04-30T20:47:54.978Z", "dateUpdated": "2025-06-11T14:46:20.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46982 (GCVE-0-2025-46982)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46982", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:58:08.738128Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:40:32.785Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:36.611Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46982", "datePublished": "2025-06-10T22:19:36.611Z", "dateReserved": "2025-04-30T20:47:54.986Z", "dateUpdated": "2025-06-11T14:40:32.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46870 (GCVE-0-2025-46870)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46870", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:41.343760Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:52:42.052Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:20.873Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46870", "datePublished": "2025-06-10T22:18:20.873Z", "dateReserved": "2025-04-30T20:47:54.949Z", "dateUpdated": "2025-06-11T14:52:42.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46899 (GCVE-0-2025-46899)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46899", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:01:10.599542Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:45:57.953Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:08.666Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46899", "datePublished": "2025-06-10T22:19:08.666Z", "dateReserved": "2025-04-30T20:47:54.954Z", "dateUpdated": "2025-06-11T14:45:57.953Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47012 (GCVE-0-2025-47012)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47012", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:59:58.990979Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:44:32.325Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:18.084Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47012", "datePublished": "2025-06-10T22:19:18.084Z", "dateReserved": "2025-04-30T20:47:54.994Z", "dateUpdated": "2025-06-11T14:44:32.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-25690 (GCVE-0-2023-25690)
Vulnerability from cvelistv5
Published
2023-03-07 15:09
Modified
2025-02-13 16:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Summary
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and is then
re-inserted into the proxied request-target using variable
substitution. For example, something like:
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ http://example.com:8080/
Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache HTTP Server |
Version: 2.4.0 ≤ 2.4.55 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:19.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-01" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.55", "status": "affected", "version": "2.4.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lars Krapf of Adobe" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eSome mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eRewriteEngine on\u003cbr\u003eRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\u003cbr\u003eProxyPassReverse /here/ http://example.com:8080/\u003c/div\u003e\u003cbr\u003eRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.\u003cbr\u003e\u003c/div\u003e" } ], "value": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server." } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-02T16:06:10.239Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html" }, { "url": "https://security.gentoo.org/glsa/202309-01" }, { "url": "http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2023-02-02T02:01:00.000Z", "value": "reported" } ], "title": "Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-25690", "datePublished": "2023-03-07T15:09:03.080Z", "dateReserved": "2023-02-12T13:28:31.657Z", "dateUpdated": "2025-02-13T16:44:35.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47042 (GCVE-0-2025-47042)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47042", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:05:25.222392Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:50:59.645Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:31.745Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47042", "datePublished": "2025-06-10T22:18:31.745Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T14:50:59.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46875 (GCVE-0-2025-46875)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Reflected XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46875", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:46.456504Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:52:49.315Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:20.112Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46875", "datePublished": "2025-06-10T22:18:20.112Z", "dateReserved": "2025-04-30T20:47:54.951Z", "dateUpdated": "2025-06-11T14:52:49.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46904 (GCVE-0-2025-46904)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46904", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:00.639531Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:46:57.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:02.172Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46904", "datePublished": "2025-06-10T22:19:02.172Z", "dateReserved": "2025-04-30T20:47:54.955Z", "dateUpdated": "2025-06-11T14:46:57.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47076 (GCVE-0-2025-47076)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47076", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:52.597381Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:57:17.453Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:01.206Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47076", "datePublished": "2025-06-10T22:18:01.206Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:57:17.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47021 (GCVE-0-2025-47021)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47021", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:59:33.134314Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:44:00.443Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:20.865Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47021", "datePublished": "2025-06-10T22:19:20.865Z", "dateReserved": "2025-04-30T20:47:54.995Z", "dateUpdated": "2025-06-11T14:44:00.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47055 (GCVE-0-2025-47055)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47055", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:54.136512Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:54:13.057Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:10.747Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47055", "datePublished": "2025-06-10T22:18:10.747Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-06-11T14:54:13.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47095 (GCVE-0-2025-47095)
Vulnerability from cvelistv5
This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability.
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2025-06-10T23:27:56.730Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "rejectedReasons": [ { "lang": "en", "value": "This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability." } ] } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47095", "datePublished": "2025-06-10T22:17:43.281Z", "dateRejected": "2025-06-10T23:27:56.730Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-10T23:27:56.730Z", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46862 (GCVE-0-2025-46862)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46862", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:22.767736Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:21:06.693Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:31.819Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46862", "datePublished": "2025-06-10T22:17:31.819Z", "dateReserved": "2025-04-30T20:47:54.947Z", "dateUpdated": "2025-06-11T14:21:06.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47062 (GCVE-0-2025-47062)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47062", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:00:38.339836Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:45:17.985Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:13.387Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47062", "datePublished": "2025-06-10T22:19:13.387Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-06-11T14:45:17.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46843 (GCVE-0-2025-46843)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46843", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:00.399300Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:57:24.147Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:00.398Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46843", "datePublished": "2025-06-10T22:18:00.398Z", "dateReserved": "2025-04-30T20:47:54.945Z", "dateUpdated": "2025-06-11T14:57:24.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46944 (GCVE-0-2025-46944)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46944", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:09.624218Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:54:31.321Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:08.484Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46944", "datePublished": "2025-06-10T22:18:08.484Z", "dateReserved": "2025-04-30T20:47:54.976Z", "dateUpdated": "2025-06-11T14:54:31.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46924 (GCVE-0-2025-46924)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 19:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46924", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T19:15:57.728136Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T19:17:02.495Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:40.459Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46924", "datePublished": "2025-06-10T22:19:40.459Z", "dateReserved": "2025-04-30T20:47:54.965Z", "dateUpdated": "2025-06-11T19:17:02.495Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46991 (GCVE-0-2025-46991)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 15:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46991", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:09:48.611848Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:10:02.807Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:17.980Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46991", "datePublished": "2025-06-10T22:20:17.980Z", "dateReserved": "2025-04-30T20:47:54.989Z", "dateUpdated": "2025-06-11T15:10:02.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47083 (GCVE-0-2025-47083)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47083", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:47.720651Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:55:29.510Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:02.991Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47083", "datePublished": "2025-06-10T22:18:02.991Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:55:29.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46918 (GCVE-0-2025-46918)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46918", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:56:26.028000Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:38:38.771Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:07.177Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46918", "datePublished": "2025-06-10T22:20:07.177Z", "dateReserved": "2025-04-30T20:47:54.965Z", "dateUpdated": "2025-06-11T14:38:38.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46992 (GCVE-0-2025-46992)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46992", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:04.476095Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:54:24.818Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:09.232Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46992", "datePublished": "2025-06-10T22:18:09.232Z", "dateReserved": "2025-04-30T20:47:54.989Z", "dateUpdated": "2025-06-11T14:54:24.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47001 (GCVE-0-2025-47001)
Vulnerability from cvelistv5
Published
2025-07-30 13:00
Modified
2025-07-30 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47001", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-30T13:22:44.586531Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-30T14:48:34.516Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-30T13:00:06.739Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47001", "datePublished": "2025-07-30T13:00:06.739Z", "dateReserved": "2025-04-30T20:47:54.991Z", "dateUpdated": "2025-07-30T14:48:34.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46876 (GCVE-0-2025-46876)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46876", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:01:33.292062Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:46:27.201Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:05.543Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46876", "datePublished": "2025-06-10T22:19:05.543Z", "dateReserved": "2025-04-30T20:47:54.951Z", "dateUpdated": "2025-06-11T14:46:27.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47090 (GCVE-0-2025-47090)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47090", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:20.007897Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:49:39.706Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:40.970Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47090", "datePublished": "2025-06-10T22:18:40.970Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T14:49:39.706Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46917 (GCVE-0-2025-46917)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 13:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46917", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:43:20.242740Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T13:43:30.305Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:35.058Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46917", "datePublished": "2025-06-10T22:20:35.058Z", "dateReserved": "2025-04-30T20:47:54.964Z", "dateUpdated": "2025-06-11T13:43:30.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46954 (GCVE-0-2025-46954)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46954", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:10.493797Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:14:11.633Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:32.374Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46954", "datePublished": "2025-06-10T22:20:32.374Z", "dateReserved": "2025-04-30T20:47:54.979Z", "dateUpdated": "2025-06-11T14:14:11.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46930 (GCVE-0-2025-46930)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46930", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:04.034724Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:20:22.636Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:49.410Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46930", "datePublished": "2025-06-10T22:17:49.410Z", "dateReserved": "2025-04-30T20:47:54.968Z", "dateUpdated": "2025-06-11T14:20:22.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46879 (GCVE-0-2025-46879)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46879", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:16.331506Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:47:19.683Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:59.404Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46879", "datePublished": "2025-06-10T22:18:59.404Z", "dateReserved": "2025-04-30T20:47:54.952Z", "dateUpdated": "2025-06-11T14:47:19.683Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46956 (GCVE-0-2025-46956)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46956", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:57:50.613467Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:40:20.040Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:38.152Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46956", "datePublished": "2025-06-10T22:19:38.152Z", "dateReserved": "2025-04-30T20:47:54.981Z", "dateUpdated": "2025-06-11T14:40:20.040Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46884 (GCVE-0-2025-46884)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46884", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:05:56.986229Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:51:44.317Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 4.8, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "HIGH", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "HIGH", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 4.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:27.207Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46884", "datePublished": "2025-06-10T22:18:27.207Z", "dateReserved": "2025-04-30T20:47:54.952Z", "dateUpdated": "2025-06-11T14:51:44.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46913 (GCVE-0-2025-46913)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46913", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:00:08.687817Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:44:44.815Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 4.8, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "HIGH", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "HIGH", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 4.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:17.323Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46913", "datePublished": "2025-06-10T22:19:17.323Z", "dateReserved": "2025-04-30T20:47:54.958Z", "dateUpdated": "2025-06-11T14:44:44.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47000 (GCVE-0-2025-47000)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47000", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:05:19.024572Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:50:53.607Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:32.524Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47000", "datePublished": "2025-06-10T22:18:32.524Z", "dateReserved": "2025-04-30T20:47:54.991Z", "dateUpdated": "2025-06-11T14:50:53.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47074 (GCVE-0-2025-47074)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47074", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:56:47.516457Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:39:06.185Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:54.890Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47074", "datePublished": "2025-06-10T22:19:54.890Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:39:06.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46993 (GCVE-0-2025-46993)
Vulnerability from cvelistv5
Published
2025-07-24 15:51
Modified
2025-07-24 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46993", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-24T17:27:34.155592Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-24T17:27:41.647Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-24T15:51:57.986Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46993", "datePublished": "2025-07-24T15:51:57.986Z", "dateReserved": "2025-04-30T20:47:54.989Z", "dateUpdated": "2025-07-24T17:27:41.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46891 (GCVE-0-2025-46891)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46891", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:05:09.006889Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:50:42.130Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:34.073Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46891", "datePublished": "2025-06-10T22:18:34.073Z", "dateReserved": "2025-04-30T20:47:54.953Z", "dateUpdated": "2025-06-11T14:50:42.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47019 (GCVE-0-2025-47019)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47019", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:59:27.223868Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:43:54.115Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:21.613Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47019", "datePublished": "2025-06-10T22:19:21.613Z", "dateReserved": "2025-04-30T20:47:54.995Z", "dateUpdated": "2025-06-11T14:43:54.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46851 (GCVE-0-2025-46851)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46851", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:02.667127Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:53:08.469Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:17.850Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46851", "datePublished": "2025-06-10T22:18:17.850Z", "dateReserved": "2025-04-30T20:47:54.946Z", "dateUpdated": "2025-06-11T14:53:08.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46922 (GCVE-0-2025-46922)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46922", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:55:21.004185Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:57:03.983Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:20.291Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46922", "datePublished": "2025-06-10T22:20:20.291Z", "dateReserved": "2025-04-30T20:47:54.965Z", "dateUpdated": "2025-06-11T14:57:03.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46975 (GCVE-0-2025-46975)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46975", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:57:45.890165Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:40:13.448Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:38.908Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46975", "datePublished": "2025-06-10T22:19:38.908Z", "dateReserved": "2025-04-30T20:47:54.984Z", "dateUpdated": "2025-06-11T14:40:13.448Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47004 (GCVE-0-2025-47004)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 19:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47004", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T19:11:25.681908Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T19:11:40.307Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:26.363Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47004", "datePublished": "2025-06-10T22:19:26.363Z", "dateReserved": "2025-04-30T20:47:54.992Z", "dateUpdated": "2025-06-11T19:11:40.307Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46845 (GCVE-0-2025-46845)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46845", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:06:08.473301Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:06:45.652Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:58.018Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46845", "datePublished": "2025-06-10T22:19:58.018Z", "dateReserved": "2025-04-30T20:47:54.945Z", "dateUpdated": "2025-06-11T18:06:45.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47007 (GCVE-0-2025-47007)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47007", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:42.419147Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:55:17.481Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:03.820Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47007", "datePublished": "2025-06-10T22:18:03.820Z", "dateReserved": "2025-04-30T20:47:54.992Z", "dateUpdated": "2025-06-11T14:55:17.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47035 (GCVE-0-2025-47035)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47035", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:10:33.641930Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:59:21.198Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:33.409Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47035", "datePublished": "2025-06-10T22:17:33.409Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T14:59:21.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46882 (GCVE-0-2025-46882)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46882", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:08:32.082871Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:08:52.583Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:18.783Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46882", "datePublished": "2025-06-10T22:20:18.783Z", "dateReserved": "2025-04-30T20:47:54.952Z", "dateUpdated": "2025-06-11T15:08:52.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47063 (GCVE-0-2025-47063)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47063", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:27.335228Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:54:51.188Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:06.144Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47063", "datePublished": "2025-06-10T22:18:06.144Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-06-11T14:54:51.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47094 (GCVE-0-2025-47094)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Reflected XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47094", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:15.300799Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:49:33.481Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 6.1, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 6.1, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:41.730Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47094", "datePublished": "2025-06-10T22:18:41.730Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T14:49:33.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47079 (GCVE-0-2025-47079)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47079", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:59:03.764398Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:43:26.202Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:23.996Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47079", "datePublished": "2025-06-10T22:19:23.996Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:43:26.202Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47027 (GCVE-0-2025-47027)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47027", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:57:08.361442Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:39:34.565Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:51.413Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47027", "datePublished": "2025-06-10T22:19:51.413Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T14:39:34.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47047 (GCVE-0-2025-47047)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47047", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:51.510391Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:52:55.159Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:19.338Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47047", "datePublished": "2025-06-10T22:18:19.338Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T14:52:55.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46903 (GCVE-0-2025-46903)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 17:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46903", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T17:31:29.437523Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T17:38:22.050Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:59.755Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46903", "datePublished": "2025-06-10T22:19:59.755Z", "dateReserved": "2025-04-30T20:47:54.955Z", "dateUpdated": "2025-06-11T17:38:22.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46949 (GCVE-0-2025-46949)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46949", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:55:51.187875Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:38:05.235Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:11.597Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46949", "datePublished": "2025-06-10T22:20:11.597Z", "dateReserved": "2025-04-30T20:47:54.978Z", "dateUpdated": "2025-06-11T14:38:05.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47081 (GCVE-0-2025-47081)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47081", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:28.033658Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:47:31.252Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:57.818Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47081", "datePublished": "2025-06-10T22:18:57.818Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:47:31.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46940 (GCVE-0-2025-46940)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46940", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:59.284823Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:54:18.588Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:09.992Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46940", "datePublished": "2025-06-10T22:18:09.992Z", "dateReserved": "2025-04-30T20:47:54.972Z", "dateUpdated": "2025-06-11T14:54:18.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46860 (GCVE-0-2025-46860)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46860", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:06.029334Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:47:07.115Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:01.117Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46860", "datePublished": "2025-06-10T22:19:01.117Z", "dateReserved": "2025-04-30T20:47:54.947Z", "dateUpdated": "2025-06-11T14:47:07.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47114 (GCVE-0-2025-47114)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47114", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:17:07.759777Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:17:32.131Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:56.441Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47114", "datePublished": "2025-06-10T22:19:56.441Z", "dateReserved": "2025-04-30T20:47:55.001Z", "dateUpdated": "2025-06-11T15:17:32.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46877 (GCVE-0-2025-46877)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46877", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:59.767882Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:58:41.060Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:37.987Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46877", "datePublished": "2025-06-10T22:17:37.987Z", "dateReserved": "2025-04-30T20:47:54.952Z", "dateUpdated": "2025-06-11T14:58:41.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46933 (GCVE-0-2025-46933)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46933", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:06.199996Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:57:32.556Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:59.520Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46933", "datePublished": "2025-06-10T22:17:59.520Z", "dateReserved": "2025-04-30T20:47:54.969Z", "dateUpdated": "2025-06-11T14:57:32.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46955 (GCVE-0-2025-46955)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46955", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:15.284561Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:54:37.578Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:07.749Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46955", "datePublished": "2025-06-10T22:18:07.749Z", "dateReserved": "2025-04-30T20:47:54.981Z", "dateUpdated": "2025-06-11T14:54:37.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47045 (GCVE-0-2025-47045)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 15:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47045", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:33:25.149244Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:58:13.739Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:45.167Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47045", "datePublished": "2025-06-10T22:19:45.167Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T15:58:13.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47070 (GCVE-0-2025-47070)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47070", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:58:52.205501Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:41:14.092Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:24.779Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47070", "datePublished": "2025-06-10T22:19:24.779Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:41:14.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46934 (GCVE-0-2025-46934)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46934", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:10:23.401816Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:59:09.260Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:34.895Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46934", "datePublished": "2025-06-10T22:17:34.895Z", "dateReserved": "2025-04-30T20:47:54.969Z", "dateUpdated": "2025-06-11T14:59:09.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46863 (GCVE-0-2025-46863)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46863", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:10.301566Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:53:15.081Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:17.079Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46863", "datePublished": "2025-06-10T22:18:17.079Z", "dateReserved": "2025-04-30T20:47:54.947Z", "dateUpdated": "2025-06-11T14:53:15.081Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46986 (GCVE-0-2025-46986)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46986", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:43.503301Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:47:48.654Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:55.472Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46986", "datePublished": "2025-06-10T22:18:55.472Z", "dateReserved": "2025-04-30T20:47:54.987Z", "dateUpdated": "2025-06-11T14:47:48.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46898 (GCVE-0-2025-46898)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46898", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:48.717330Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:47:54.243Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:54.630Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46898", "datePublished": "2025-06-10T22:18:54.630Z", "dateReserved": "2025-04-30T20:47:54.954Z", "dateUpdated": "2025-06-11T14:47:54.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46976 (GCVE-0-2025-46976)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46976", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:56:31.133468Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:38:45.109Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:06.394Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46976", "datePublished": "2025-06-10T22:20:06.394Z", "dateReserved": "2025-04-30T20:47:54.984Z", "dateUpdated": "2025-06-11T14:38:45.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46912 (GCVE-0-2025-46912)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46912", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:20.425983Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:21:00.271Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:32.616Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46912", "datePublished": "2025-06-10T22:17:32.616Z", "dateReserved": "2025-04-30T20:47:54.958Z", "dateUpdated": "2025-06-11T14:21:00.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47005 (GCVE-0-2025-47005)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47005", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:01:22.736174Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:46:13.128Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:07.064Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47005", "datePublished": "2025-06-10T22:19:07.064Z", "dateReserved": "2025-04-30T20:47:54.992Z", "dateUpdated": "2025-06-11T14:46:13.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47029 (GCVE-0-2025-47029)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47029", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:55:04.343929Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:37:09.839Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:27.149Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47029", "datePublished": "2025-06-10T22:20:27.149Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T14:37:09.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46953 (GCVE-0-2025-46953)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-07-14 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46953", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:03:17.215963Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:48:28.718Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Scope is changed." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-14T20:34:01.723Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46953", "datePublished": "2025-06-10T22:18:50.645Z", "dateReserved": "2025-04-30T20:47:54.979Z", "dateUpdated": "2025-07-14T20:34:01.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46960 (GCVE-0-2025-46960)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46960", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:10:28.383099Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:59:15.662Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:34.154Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46960", "datePublished": "2025-06-10T22:17:34.154Z", "dateReserved": "2025-04-30T20:47:54.982Z", "dateUpdated": "2025-06-11T14:59:15.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46844 (GCVE-0-2025-46844)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46844", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:55.487965Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:20:06.692Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:51.719Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46844", "datePublished": "2025-06-10T22:17:51.719Z", "dateReserved": "2025-04-30T20:47:54.945Z", "dateUpdated": "2025-06-11T14:20:06.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46909 (GCVE-0-2025-46909)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46909", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:00:22.250049Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:44:58.419Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:15.686Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46909", "datePublished": "2025-06-10T22:19:15.686Z", "dateReserved": "2025-04-30T20:47:54.957Z", "dateUpdated": "2025-06-11T14:44:58.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47039 (GCVE-0-2025-47039)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47039", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:58:23.289505Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:40:48.412Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:35.065Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47039", "datePublished": "2025-06-10T22:19:35.065Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T14:40:48.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46854 (GCVE-0-2025-46854)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46854", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:00:16.493410Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:44:51.047Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:16.500Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46854", "datePublished": "2025-06-10T22:19:16.500Z", "dateReserved": "2025-04-30T20:47:54.946Z", "dateUpdated": "2025-06-11T14:44:51.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46972 (GCVE-0-2025-46972)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46972", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:08.665984Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:20:34.123Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:47.888Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46972", "datePublished": "2025-06-10T22:17:47.888Z", "dateReserved": "2025-04-30T20:47:54.984Z", "dateUpdated": "2025-06-11T14:20:34.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47026 (GCVE-0-2025-47026)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47026", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:08:30.083261Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:08:58.883Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:44.364Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47026", "datePublished": "2025-06-10T22:19:44.364Z", "dateReserved": "2025-04-30T20:47:54.995Z", "dateUpdated": "2025-06-11T18:08:58.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47085 (GCVE-0-2025-47085)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47085", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:56:35.559786Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:38:51.957Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:05.589Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47085", "datePublished": "2025-06-10T22:20:05.589Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T14:38:51.957Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47065 (GCVE-0-2025-47065)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47065", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:26:07.475452Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:40:47.424Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:29.067Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47065", "datePublished": "2025-06-10T22:20:29.067Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-06-11T14:40:47.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46977 (GCVE-0-2025-46977)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46977", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:20.827929Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:53:28.541Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:15.517Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46977", "datePublished": "2025-06-10T22:18:15.517Z", "dateReserved": "2025-04-30T20:47:54.985Z", "dateUpdated": "2025-06-11T14:53:28.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46951 (GCVE-0-2025-46951)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46951", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:57:15.004233Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:57:24.770Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:25.046Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46951", "datePublished": "2025-06-10T22:20:25.046Z", "dateReserved": "2025-04-30T20:47:54.979Z", "dateUpdated": "2025-06-11T14:57:24.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47060 (GCVE-0-2025-47060)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47060", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:55:09.718539Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:37:18.570Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:26.369Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47060", "datePublished": "2025-06-10T22:20:26.369Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-06-11T14:37:18.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47016 (GCVE-0-2025-47016)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 15:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47016", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:10:18.022644Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:11:06.145Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:17.193Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47016", "datePublished": "2025-06-10T22:20:17.193Z", "dateReserved": "2025-04-30T20:47:54.994Z", "dateUpdated": "2025-06-11T15:11:06.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47036 (GCVE-0-2025-47036)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47036", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:20:09.592836Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:20:57.068Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:31.010Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47036", "datePublished": "2025-06-10T22:19:31.010Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T18:20:57.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46946 (GCVE-0-2025-46946)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46946", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:03.472167Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:49:22.711Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:43.223Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46946", "datePublished": "2025-06-10T22:18:43.223Z", "dateReserved": "2025-04-30T20:47:54.977Z", "dateUpdated": "2025-06-11T14:49:22.711Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46840 (GCVE-0-2025-46840)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-12 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46840", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-12T03:55:09.562Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 8.7, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 8.7, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "Improper Authorization (CWE-285)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:33.290Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Improper Authorization (CWE-285)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46840", "datePublished": "2025-06-10T22:18:33.290Z", "dateReserved": "2025-04-30T20:47:54.945Z", "dateUpdated": "2025-06-12T03:55:09.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46966 (GCVE-0-2025-46966)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46966", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:21.660899Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:57:52.689Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:44.055Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46966", "datePublished": "2025-06-10T22:17:44.055Z", "dateReserved": "2025-04-30T20:47:54.983Z", "dateUpdated": "2025-06-11T14:57:52.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47022 (GCVE-0-2025-47022)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47022", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:01:44.063784Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:46:40.057Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:03.989Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47022", "datePublished": "2025-06-10T22:19:03.989Z", "dateReserved": "2025-04-30T20:47:54.995Z", "dateUpdated": "2025-06-11T14:46:40.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47050 (GCVE-0-2025-47050)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47050", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:56:21.276567Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:38:32.434Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:08.089Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47050", "datePublished": "2025-06-10T22:20:08.089Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T14:38:32.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46958 (GCVE-0-2025-46958)
Vulnerability from cvelistv5
Published
2025-08-05 14:32
Modified
2025-08-05 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46958", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-08-05T14:52:47.539522Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-05T14:53:00.938Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-05T14:32:46.023Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46958", "datePublished": "2025-08-05T14:32:46.023Z", "dateReserved": "2025-04-30T20:47:54.982Z", "dateUpdated": "2025-08-05T14:53:00.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47030 (GCVE-0-2025-47030)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47030", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:05:45.448803Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:51:28.834Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:28.688Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47030", "datePublished": "2025-06-10T22:18:28.688Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T14:51:28.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46892 (GCVE-0-2025-46892)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46892", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:54.760542Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:58:34.242Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:38.756Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46892", "datePublished": "2025-06-10T22:17:38.756Z", "dateReserved": "2025-04-30T20:47:54.953Z", "dateUpdated": "2025-06-11T14:58:34.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47015 (GCVE-0-2025-47015)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47015", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:42:17.793139Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:42:35.429Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:27.899Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47015", "datePublished": "2025-06-10T22:20:27.899Z", "dateReserved": "2025-04-30T20:47:54.994Z", "dateUpdated": "2025-06-11T14:42:35.429Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47041 (GCVE-0-2025-47041)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47041", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:55:32.375245Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:37:44.178Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:14.169Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47041", "datePublished": "2025-06-10T22:20:14.169Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T14:37:44.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47067 (GCVE-0-2025-47067)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47067", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:57:12.816518Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:39:40.967Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:50.342Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47067", "datePublished": "2025-06-10T22:19:50.342Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-06-11T14:39:40.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46859 (GCVE-0-2025-46859)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46859", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:05:35.241219Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:51:15.845Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:30.179Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46859", "datePublished": "2025-06-10T22:18:30.179Z", "dateReserved": "2025-04-30T20:47:54.947Z", "dateUpdated": "2025-06-11T14:51:15.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46995 (GCVE-0-2025-46995)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 13:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46995", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:39:08.990007Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T13:41:52.681Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:35.818Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46995", "datePublished": "2025-06-10T22:20:35.818Z", "dateReserved": "2025-04-30T20:47:54.990Z", "dateUpdated": "2025-06-11T13:41:52.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46895 (GCVE-0-2025-46895)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46895", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:12:26.975770Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:13:37.986Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:42.828Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46895", "datePublished": "2025-06-10T22:19:42.828Z", "dateReserved": "2025-04-30T20:47:54.954Z", "dateUpdated": "2025-06-11T18:13:37.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46848 (GCVE-0-2025-46848)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46848", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:58:02.782163Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:40:25.906Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:37.405Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46848", "datePublished": "2025-06-10T22:19:37.405Z", "dateReserved": "2025-04-30T20:47:54.945Z", "dateUpdated": "2025-06-11T14:40:25.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46910 (GCVE-0-2025-46910)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 17:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46910", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T17:21:33.467798Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T17:22:35.598Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:00.863Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46910", "datePublished": "2025-06-10T22:20:00.863Z", "dateReserved": "2025-04-30T20:47:54.957Z", "dateUpdated": "2025-06-11T17:22:35.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47093 (GCVE-0-2025-47093)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47093", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:10:05.269778Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:58:48.966Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:37.246Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47093", "datePublished": "2025-06-10T22:17:37.246Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T14:58:48.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46841 (GCVE-0-2025-46841)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46841", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:59:11.130224Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:43:35.649Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:23.185Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46841", "datePublished": "2025-06-10T22:19:23.185Z", "dateReserved": "2025-04-30T20:47:54.945Z", "dateUpdated": "2025-06-11T14:43:35.649Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46911 (GCVE-0-2025-46911)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46911", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:32.275198Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:54:59.047Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 4.8, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "HIGH", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "HIGH", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 4.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:05.391Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46911", "datePublished": "2025-06-10T22:18:05.391Z", "dateReserved": "2025-04-30T20:47:54.957Z", "dateUpdated": "2025-06-11T14:54:59.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47040 (GCVE-0-2025-47040)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47040", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:56:40.710479Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:38:58.576Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:55.675Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47040", "datePublished": "2025-06-10T22:19:55.675Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T14:38:58.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46873 (GCVE-0-2025-46873)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46873", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:51.402638Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:50:23.048Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:36.367Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46873", "datePublished": "2025-06-10T22:18:36.367Z", "dateReserved": "2025-04-30T20:47:54.950Z", "dateUpdated": "2025-06-11T14:50:23.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46878 (GCVE-0-2025-46878)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46878", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:55:20.353417Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:37:31.804Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:15.681Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46878", "datePublished": "2025-06-10T22:20:15.681Z", "dateReserved": "2025-04-30T20:47:54.952Z", "dateUpdated": "2025-06-11T14:37:31.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46883 (GCVE-0-2025-46883)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46883", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:48.797526Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:19:48.222Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:55.077Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46883", "datePublished": "2025-06-10T22:17:55.077Z", "dateReserved": "2025-04-30T20:47:54.952Z", "dateUpdated": "2025-06-11T14:19:48.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47117 (GCVE-0-2025-47117)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47117", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:26.989755Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:57:58.813Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:42.547Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47117", "datePublished": "2025-06-10T22:17:42.547Z", "dateReserved": "2025-04-30T20:47:55.002Z", "dateUpdated": "2025-06-11T14:57:58.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46967 (GCVE-0-2025-46967)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46967", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:46.565944Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:50:16.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:37.118Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46967", "datePublished": "2025-06-10T22:18:37.118Z", "dateReserved": "2025-04-30T20:47:54.983Z", "dateUpdated": "2025-06-11T14:50:16.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46965 (GCVE-0-2025-46965)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46965", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:00:48.625376Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:45:31.234Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:11.758Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46965", "datePublished": "2025-06-10T22:19:11.758Z", "dateReserved": "2025-04-30T20:47:54.983Z", "dateUpdated": "2025-06-11T14:45:31.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47073 (GCVE-0-2025-47073)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47073", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:55:26.642820Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:37:38.071Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:14.925Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47073", "datePublished": "2025-06-10T22:20:14.925Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:37:38.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47088 (GCVE-0-2025-47088)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47088", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:46.379716Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:19:42.580Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:55.848Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47088", "datePublished": "2025-06-10T22:17:55.848Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T14:19:42.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46838 (GCVE-0-2025-46838)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46838", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:55:39.167576Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:37:50.911Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:13.260Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46838", "datePublished": "2025-06-10T22:20:13.260Z", "dateReserved": "2025-04-30T20:47:54.944Z", "dateUpdated": "2025-06-11T14:37:50.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46887 (GCVE-0-2025-46887)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 15:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46887", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:32:36.728286Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:32:46.174Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:45.901Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46887", "datePublished": "2025-06-10T22:19:45.901Z", "dateReserved": "2025-04-30T20:47:54.953Z", "dateUpdated": "2025-06-11T15:32:46.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46942 (GCVE-0-2025-46942)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46942", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:55:44.939602Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:37:57.450Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:12.382Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46942", "datePublished": "2025-06-10T22:20:12.382Z", "dateReserved": "2025-04-30T20:47:54.976Z", "dateUpdated": "2025-06-11T14:37:57.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47051 (GCVE-0-2025-47051)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47051", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:13.259452Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:20:44.995Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:46.357Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47051", "datePublished": "2025-06-10T22:17:46.357Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T14:20:44.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46864 (GCVE-0-2025-46864)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46864", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:14.498895Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:52:07.629Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:24.930Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46864", "datePublished": "2025-06-10T22:18:24.930Z", "dateReserved": "2025-04-30T20:47:54.947Z", "dateUpdated": "2025-06-11T14:52:07.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46865 (GCVE-0-2025-46865)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46865", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:16.519008Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:57:46.804Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:52.452Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46865", "datePublished": "2025-06-10T22:17:52.452Z", "dateReserved": "2025-04-30T20:47:54.947Z", "dateUpdated": "2025-06-11T14:57:46.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46907 (GCVE-0-2025-46907)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46907", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:59.990391Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:20:17.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:50.173Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46907", "datePublished": "2025-06-10T22:17:50.173Z", "dateReserved": "2025-04-30T20:47:54.957Z", "dateUpdated": "2025-06-11T14:20:17.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46893 (GCVE-0-2025-46893)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46893", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:53.637961Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:48:01.977Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:53.847Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46893", "datePublished": "2025-06-10T22:18:53.847Z", "dateReserved": "2025-04-30T20:47:54.953Z", "dateUpdated": "2025-06-11T14:48:01.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46950 (GCVE-0-2025-46950)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46950", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:32.569771Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:58:06.061Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:41.783Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46950", "datePublished": "2025-06-10T22:17:41.783Z", "dateReserved": "2025-04-30T20:47:54.979Z", "dateUpdated": "2025-06-11T14:58:06.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46927 (GCVE-0-2025-46927)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46927", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:00:26.995892Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:45:05.889Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:14.884Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46927", "datePublished": "2025-06-10T22:19:14.884Z", "dateReserved": "2025-04-30T20:47:54.967Z", "dateUpdated": "2025-06-11T14:45:05.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46855 (GCVE-0-2025-46855)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 19:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46855", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T19:10:01.274639Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T19:11:06.823Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:27.133Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46855", "datePublished": "2025-06-10T22:19:27.133Z", "dateReserved": "2025-04-30T20:47:54.946Z", "dateUpdated": "2025-06-11T19:11:06.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46858 (GCVE-0-2025-46858)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46858", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:15.963310Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:53:21.165Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:16.328Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46858", "datePublished": "2025-06-10T22:18:16.328Z", "dateReserved": "2025-04-30T20:47:54.947Z", "dateUpdated": "2025-06-11T14:53:21.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47033 (GCVE-0-2025-47033)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47033", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:33.376516Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:47:37.186Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:57.037Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47033", "datePublished": "2025-06-10T22:18:57.037Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T14:47:37.186Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47057 (GCVE-0-2025-47057)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47057", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T17:18:23.459259Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T17:18:31.090Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:01.693Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47057", "datePublished": "2025-06-10T22:20:01.693Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-06-11T17:18:31.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46939 (GCVE-0-2025-46939)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46939", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:14:38.456720Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:14:53.734Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:32.592Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46939", "datePublished": "2025-06-10T22:19:32.592Z", "dateReserved": "2025-04-30T20:47:54.970Z", "dateUpdated": "2025-06-11T18:14:53.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46920 (GCVE-0-2025-46920)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46920", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:36.521392Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:52:35.251Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 4.6, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:21.629Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46920", "datePublished": "2025-06-10T22:18:21.629Z", "dateReserved": "2025-04-30T20:47:54.965Z", "dateUpdated": "2025-06-11T14:52:35.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46837 (GCVE-0-2025-46837)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46837", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:49.575299Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:58:27.065Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 8.7, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 8.7, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:39.487Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46837", "datePublished": "2025-06-10T22:17:39.487Z", "dateReserved": "2025-04-30T20:47:54.944Z", "dateUpdated": "2025-06-11T14:58:27.065Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46915 (GCVE-0-2025-46915)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46915", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:31:43.582520Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:32:11.813Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:30.238Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46915", "datePublished": "2025-06-10T22:19:30.238Z", "dateReserved": "2025-04-30T20:47:54.964Z", "dateUpdated": "2025-06-11T18:32:11.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47003 (GCVE-0-2025-47003)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47003", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:10:12.882132Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:58:54.750Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:36.434Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47003", "datePublished": "2025-06-10T22:17:36.434Z", "dateReserved": "2025-04-30T20:47:54.991Z", "dateUpdated": "2025-06-11T14:58:54.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47071 (GCVE-0-2025-47071)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47071", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:58:15.960713Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:40:40.259Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:35.820Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47071", "datePublished": "2025-06-10T22:19:35.820Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:40:40.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47089 (GCVE-0-2025-47089)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47089", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:40.331323Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:50:11.105Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:37.871Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47089", "datePublished": "2025-06-10T22:18:37.871Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T14:50:11.105Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46985 (GCVE-0-2025-46985)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 15:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46985", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:00:57.592614Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:02:39.098Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:24.253Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46985", "datePublished": "2025-06-10T22:20:24.253Z", "dateReserved": "2025-04-30T20:47:54.987Z", "dateUpdated": "2025-06-11T15:02:39.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47102 (GCVE-0-2025-47102)
Vulnerability from cvelistv5
This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability.
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2025-06-10T23:27:31.651Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "rejectedReasons": [ { "lang": "en", "value": "This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability." } ] } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47102", "datePublished": "2025-06-10T22:20:19.539Z", "dateRejected": "2025-06-10T23:27:31.651Z", "dateReserved": "2025-04-30T20:47:55.001Z", "dateUpdated": "2025-06-10T23:27:31.651Z", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46989 (GCVE-0-2025-46989)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46989", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:55:56.364131Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:38:12.217Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:10.772Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46989", "datePublished": "2025-06-10T22:20:10.772Z", "dateReserved": "2025-04-30T20:47:54.988Z", "dateUpdated": "2025-06-11T14:38:12.217Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46997 (GCVE-0-2025-46997)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46997", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:43:30.811964Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:52:31.843Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:21.063Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46997", "datePublished": "2025-06-10T22:20:21.063Z", "dateReserved": "2025-04-30T20:47:54.990Z", "dateUpdated": "2025-06-11T14:52:31.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46861 (GCVE-0-2025-46861)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46861", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:03:26.947120Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:48:41.076Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:49.111Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46861", "datePublished": "2025-06-10T22:18:49.111Z", "dateReserved": "2025-04-30T20:47:54.947Z", "dateUpdated": "2025-06-11T14:48:41.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46871 (GCVE-0-2025-46871)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46871", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:15:26.915726Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:16:28.677Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:31.801Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46871", "datePublished": "2025-06-10T22:19:31.801Z", "dateReserved": "2025-04-30T20:47:54.950Z", "dateUpdated": "2025-06-11T18:16:28.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46905 (GCVE-0-2025-46905)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46905", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:56:08.692659Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:38:25.976Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:09.214Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46905", "datePublished": "2025-06-10T22:20:09.214Z", "dateReserved": "2025-04-30T20:47:54.956Z", "dateUpdated": "2025-06-11T14:38:25.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46943 (GCVE-0-2025-46943)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46943", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:03:52.704138Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:49:10.942Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:45.198Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46943", "datePublished": "2025-06-10T22:18:45.198Z", "dateReserved": "2025-04-30T20:47:54.976Z", "dateUpdated": "2025-06-11T14:49:10.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46945 (GCVE-0-2025-46945)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46945", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:01:55.385704Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:46:48.673Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:03.130Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46945", "datePublished": "2025-06-10T22:19:03.130Z", "dateReserved": "2025-04-30T20:47:54.977Z", "dateUpdated": "2025-06-11T14:46:48.673Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46988 (GCVE-0-2025-46988)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46988", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T19:12:40.150557Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T19:14:35.267Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:39.668Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46988", "datePublished": "2025-06-10T22:19:39.668Z", "dateReserved": "2025-04-30T20:47:54.988Z", "dateUpdated": "2025-06-11T19:14:35.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46850 (GCVE-0-2025-46850)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46850", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:14:00.458542Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:14:14.223Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:33.390Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46850", "datePublished": "2025-06-10T22:19:33.390Z", "dateReserved": "2025-04-30T20:47:54.946Z", "dateUpdated": "2025-06-11T18:14:14.223Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46963 (GCVE-0-2025-46963)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46963", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:56.073415Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:50:29.021Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:35.611Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46963", "datePublished": "2025-06-10T22:18:35.611Z", "dateReserved": "2025-04-30T20:47:54.983Z", "dateUpdated": "2025-06-11T14:50:29.021Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47056 (GCVE-0-2025-47056)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47056", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:35:42.570220Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:36:04.599Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:29.434Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47056", "datePublished": "2025-06-10T22:19:29.434Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-06-11T18:36:04.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47091 (GCVE-0-2025-47091)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47091", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:21:10.599680Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:21:35.152Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:30.113Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47091", "datePublished": "2025-06-10T22:20:30.113Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T14:21:35.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46984 (GCVE-0-2025-46984)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46984", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:11.120272Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:20:39.728Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:47.123Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46984", "datePublished": "2025-06-10T22:17:47.123Z", "dateReserved": "2025-04-30T20:47:54.987Z", "dateUpdated": "2025-06-11T14:20:39.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46908 (GCVE-0-2025-46908)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46908", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:09:43.502192Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:58:20.734Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:40.248Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46908", "datePublished": "2025-06-10T22:17:40.248Z", "dateReserved": "2025-04-30T20:47:54.957Z", "dateUpdated": "2025-06-11T14:58:20.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46957 (GCVE-0-2025-46957)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46957", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:57:18.234029Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:39:47.797Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:49.583Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46957", "datePublished": "2025-06-10T22:19:49.583Z", "dateReserved": "2025-04-30T20:47:54.982Z", "dateUpdated": "2025-06-11T14:39:47.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46952 (GCVE-0-2025-46952)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46952", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:00:58.397272Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:45:45.174Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:10.206Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46952", "datePublished": "2025-06-10T22:19:10.206Z", "dateReserved": "2025-04-30T20:47:54.979Z", "dateUpdated": "2025-06-11T14:45:45.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47014 (GCVE-0-2025-47014)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47014", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:03:47.666919Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:49:05.050Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:46.014Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47014", "datePublished": "2025-06-10T22:18:46.014Z", "dateReserved": "2025-04-30T20:47:54.994Z", "dateUpdated": "2025-06-11T14:49:05.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47002 (GCVE-0-2025-47002)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47002", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:29.719609Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:49:54.830Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:39.410Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47002", "datePublished": "2025-06-10T22:18:39.410Z", "dateReserved": "2025-04-30T20:47:54.991Z", "dateUpdated": "2025-06-11T14:49:54.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47011 (GCVE-0-2025-47011)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47011", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:42.439890Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:53:56.869Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:12.410Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47011", "datePublished": "2025-06-10T22:18:12.410Z", "dateReserved": "2025-04-30T20:47:54.994Z", "dateUpdated": "2025-06-11T14:53:56.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47078 (GCVE-0-2025-47078)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47078", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:06.429634Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:20:28.394Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:48.640Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47078", "datePublished": "2025-06-10T22:17:48.640Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:20:28.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47061 (GCVE-0-2025-47061)
Vulnerability from cvelistv5
Published
2025-07-24 15:22
Modified
2025-07-24 15:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47061", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-24T15:37:45.470060Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-24T15:37:52.281Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-24T15:22:40.389Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47061", "datePublished": "2025-07-24T15:22:40.389Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-07-24T15:37:52.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47031 (GCVE-0-2025-47031)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47031", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:09.819315Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:49:27.993Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:42.473Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47031", "datePublished": "2025-06-10T22:18:42.473Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T14:49:27.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47048 (GCVE-0-2025-47048)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47048", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:11.180050Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:47:13.341Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:00.330Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47048", "datePublished": "2025-06-10T22:19:00.330Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T14:47:13.341Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47086 (GCVE-0-2025-47086)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47086", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:18.212173Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:20:55.234Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:44.798Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47086", "datePublished": "2025-06-10T22:17:44.798Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T14:20:55.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46983 (GCVE-0-2025-46983)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46983", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:03:06.555794Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:48:16.684Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:52.285Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46983", "datePublished": "2025-06-10T22:18:52.285Z", "dateReserved": "2025-04-30T20:47:54.987Z", "dateUpdated": "2025-06-11T14:48:16.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47052 (GCVE-0-2025-47052)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 13:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47052", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:45:53.188003Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T13:52:46.480Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:33.125Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47052", "datePublished": "2025-06-10T22:20:33.125Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T13:52:46.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47092 (GCVE-0-2025-47092)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 17:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47092", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T17:17:20.023614Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T17:17:53.024Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:02.597Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47092", "datePublished": "2025-06-10T22:20:02.597Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-06-11T17:17:53.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47032 (GCVE-0-2025-47032)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47032", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:03:22.186457Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:48:34.929Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:49.869Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47032", "datePublished": "2025-06-10T22:18:49.869Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T14:48:34.929Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47082 (GCVE-0-2025-47082)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47082", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:01:04.101793Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:45:51.499Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:09.439Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47082", "datePublished": "2025-06-10T22:19:09.439Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:45:51.499Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47069 (GCVE-0-2025-47069)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47069", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:22.547157Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:47:25.629Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:58.642Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47069", "datePublished": "2025-06-10T22:18:58.642Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:47:25.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47115 (GCVE-0-2025-47115)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 15:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47115", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:16:20.454859Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:16:30.730Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:04.253Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47115", "datePublished": "2025-06-10T22:20:04.253Z", "dateReserved": "2025-04-30T20:47:55.001Z", "dateUpdated": "2025-06-11T15:16:30.730Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47077 (GCVE-0-2025-47077)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47077", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:18:18.003008Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:19:26.549Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:31.597Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47077", "datePublished": "2025-06-10T22:20:31.597Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:19:26.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46874 (GCVE-0-2025-46874)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 15:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Reflected XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46874", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:03:11.973229Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:03:39.285Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:23.508Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46874", "datePublished": "2025-06-10T22:20:23.508Z", "dateReserved": "2025-04-30T20:47:54.951Z", "dateUpdated": "2025-06-11T15:03:39.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46990 (GCVE-0-2025-46990)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46990", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:09:24.815509Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:10:42.328Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:43.586Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46990", "datePublished": "2025-06-10T22:19:43.586Z", "dateReserved": "2025-04-30T20:47:54.989Z", "dateUpdated": "2025-06-11T18:10:42.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47113 (GCVE-0-2025-47113)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47113", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:56.853479Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:53:01.150Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:18.607Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47113", "datePublished": "2025-06-10T22:18:18.607Z", "dateReserved": "2025-04-30T20:47:55.001Z", "dateUpdated": "2025-06-11T14:53:01.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47025 (GCVE-0-2025-47025)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47025", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:41.638579Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:19:31.703Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:57.990Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47025", "datePublished": "2025-06-10T22:17:57.990Z", "dateReserved": "2025-04-30T20:47:54.995Z", "dateUpdated": "2025-06-11T14:19:31.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46947 (GCVE-0-2025-46947)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46947", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:57:40.928267Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:40:05.146Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:48.020Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46947", "datePublished": "2025-06-10T22:19:48.020Z", "dateReserved": "2025-04-30T20:47:54.978Z", "dateUpdated": "2025-06-11T14:40:05.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47066 (GCVE-0-2025-47066)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47066", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:55:30.742216Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T19:09:44.106Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:27.899Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47066", "datePublished": "2025-06-10T22:19:27.899Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-06-11T19:09:44.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46923 (GCVE-0-2025-46923)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46923", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T19:18:59.271365Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T19:20:53.756Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:41.217Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46923", "datePublished": "2025-06-10T22:19:41.217Z", "dateReserved": "2025-04-30T20:47:54.965Z", "dateUpdated": "2025-06-11T19:20:53.756Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46872 (GCVE-0-2025-46872)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46872", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:58:41.070806Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:41:06.743Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:25.556Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46872", "datePublished": "2025-06-10T22:19:25.556Z", "dateReserved": "2025-04-30T20:47:54.950Z", "dateUpdated": "2025-06-11T14:41:06.743Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46959 (GCVE-0-2025-46959)
Vulnerability from cvelistv5
Published
2025-07-16 15:52
Modified
2025-07-18 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46959", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-18T14:48:50.667630Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-18T14:48:57.854Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim\u0027s browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-16T15:52:11.085Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46959", "datePublished": "2025-07-16T15:52:11.085Z", "dateReserved": "2025-04-30T20:47:54.982Z", "dateUpdated": "2025-07-18T14:48:57.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47044 (GCVE-0-2025-47044)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47044", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:03:42.739685Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:48:58.463Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:46.774Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47044", "datePublished": "2025-06-10T22:18:46.774Z", "dateReserved": "2025-04-30T20:47:54.997Z", "dateUpdated": "2025-06-11T14:48:58.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46901 (GCVE-0-2025-46901)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 13:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46901", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:44:11.394808Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T13:45:09.141Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:34.283Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46901", "datePublished": "2025-06-10T22:20:34.283Z", "dateReserved": "2025-04-30T20:47:54.955Z", "dateUpdated": "2025-06-11T13:45:09.141Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47038 (GCVE-0-2025-47038)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47038", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:59:44.995234Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:44:13.644Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:19.601Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47038", "datePublished": "2025-06-10T22:19:19.601Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T14:44:13.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46857 (GCVE-0-2025-46857)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Reflected XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46857", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:04:35.432495Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:50:04.055Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:38.632Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46857", "datePublished": "2025-06-10T22:18:38.632Z", "dateReserved": "2025-04-30T20:47:54.946Z", "dateUpdated": "2025-06-11T14:50:04.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47013 (GCVE-0-2025-47013)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47013", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:37.138016Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:55:07.816Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:04.572Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47013", "datePublished": "2025-06-10T22:18:04.572Z", "dateReserved": "2025-04-30T20:47:54.994Z", "dateUpdated": "2025-06-11T14:55:07.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46880 (GCVE-0-2025-46880)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46880", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:59:52.109816Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:44:22.309Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:18.837Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46880", "datePublished": "2025-06-10T22:19:18.837Z", "dateReserved": "2025-04-30T20:47:54.952Z", "dateUpdated": "2025-06-11T14:44:22.309Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46941 (GCVE-0-2025-46941)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46941", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:38.452252Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:47:42.821Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:56.263Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46941", "datePublished": "2025-06-10T22:18:56.263Z", "dateReserved": "2025-04-30T20:47:54.976Z", "dateUpdated": "2025-06-11T14:47:42.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46981 (GCVE-0-2025-46981)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46981", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:56:02.572621Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:38:19.382Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:10.012Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46981", "datePublished": "2025-06-10T22:20:10.012Z", "dateReserved": "2025-04-30T20:47:54.986Z", "dateUpdated": "2025-06-11T14:38:19.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47080 (GCVE-0-2025-47080)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 15:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47080", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:20:03.818999Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:29:22.933Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:47.191Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47080", "datePublished": "2025-06-10T22:19:47.191Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T15:29:22.933Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46842 (GCVE-0-2025-46842)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46842", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:19.520701Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:52:14.197Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:24.178Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46842", "datePublished": "2025-06-10T22:18:24.178Z", "dateReserved": "2025-04-30T20:47:54.945Z", "dateUpdated": "2025-06-11T14:52:14.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46881 (GCVE-0-2025-46881)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46881", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:15.871812Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:20:50.226Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:45.587Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46881", "datePublished": "2025-06-10T22:17:45.587Z", "dateReserved": "2025-04-30T20:47:54.952Z", "dateUpdated": "2025-06-11T14:20:50.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46971 (GCVE-0-2025-46971)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 15:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46971", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:05:43.405571Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:06:35.972Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:21.887Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46971", "datePublished": "2025-06-10T22:20:21.887Z", "dateReserved": "2025-04-30T20:47:54.984Z", "dateUpdated": "2025-06-11T15:06:35.972Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46987 (GCVE-0-2025-46987)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46987", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:05:40.269784Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:51:22.099Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:29.427Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46987", "datePublished": "2025-06-10T22:18:29.427Z", "dateReserved": "2025-04-30T20:47:54.988Z", "dateUpdated": "2025-06-11T14:51:22.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47068 (GCVE-0-2025-47068)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47068", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:05:02.671005Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:50:34.918Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:34.854Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47068", "datePublished": "2025-06-10T22:18:34.854Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:50:34.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46847 (GCVE-0-2025-46847)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46847", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:09.235390Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:51:58.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:25.710Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46847", "datePublished": "2025-06-10T22:18:25.710Z", "dateReserved": "2025-04-30T20:47:54.945Z", "dateUpdated": "2025-06-11T14:51:58.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46929 (GCVE-0-2025-46929)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46929", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:02:59.958272Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:48:10.727Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:53.082Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46929", "datePublished": "2025-06-10T22:18:53.082Z", "dateReserved": "2025-04-30T20:47:54.968Z", "dateUpdated": "2025-06-11T14:48:10.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46968 (GCVE-0-2025-46968)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46968", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:53.089886Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:19:59.352Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:53.481Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46968", "datePublished": "2025-06-10T22:17:53.481Z", "dateReserved": "2025-04-30T20:47:54.984Z", "dateUpdated": "2025-06-11T14:19:59.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47096 (GCVE-0-2025-47096)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-07-14 20:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, allowing a low impact to the integrity of the component. Exploitation of this issue requires user interaction in that a victim must interact with the malicious content. Low privileges are required.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47096", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-12T03:55:12.042Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, allowing a low impact to the integrity of the component. Exploitation of this issue requires user interaction in that a victim must interact with the malicious content. Low privileges are required." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 3.5, "environmentalSeverity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 3.5, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-14T20:41:56.281Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Improper Input Validation (CWE-20)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47096", "datePublished": "2025-06-10T22:20:03.475Z", "dateReserved": "2025-04-30T20:47:55.000Z", "dateUpdated": "2025-07-14T20:41:56.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46964 (GCVE-0-2025-46964)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46964", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:29.685983Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:52:27.591Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:22.436Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46964", "datePublished": "2025-06-10T22:18:22.436Z", "dateReserved": "2025-04-30T20:47:54.983Z", "dateUpdated": "2025-06-11T14:52:27.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46926 (GCVE-0-2025-46926)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46926", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:03:31.614111Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:48:47.002Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:48.358Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46926", "datePublished": "2025-06-10T22:18:48.358Z", "dateReserved": "2025-04-30T20:47:54.966Z", "dateUpdated": "2025-06-11T14:48:47.002Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46853 (GCVE-0-2025-46853)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46853", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:57.851773Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:20:12.171Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:50.931Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46853", "datePublished": "2025-06-10T22:17:50.931Z", "dateReserved": "2025-04-30T20:47:54.946Z", "dateUpdated": "2025-06-11T14:20:12.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47053 (GCVE-0-2025-47053)
Vulnerability from cvelistv5
Published
2025-07-16 15:56
Modified
2025-07-18 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47053", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-18T14:37:51.525938Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-18T14:37:57.305Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim\u0027s browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-16T15:56:58.163Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47053", "datePublished": "2025-07-16T15:56:58.163Z", "dateReserved": "2025-04-30T20:47:54.998Z", "dateUpdated": "2025-07-18T14:37:57.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46866 (GCVE-0-2025-46866)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46866", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:26.601618Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:53:34.618Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:14.718Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46866", "datePublished": "2025-06-10T22:18:14.718Z", "dateReserved": "2025-04-30T20:47:54.948Z", "dateUpdated": "2025-06-11T14:53:34.618Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46973 (GCVE-0-2025-46973)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46973", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:10:17.969830Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:59:00.973Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:35.674Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46973", "datePublished": "2025-06-10T22:17:35.674Z", "dateReserved": "2025-04-30T20:47:54.984Z", "dateUpdated": "2025-06-11T14:59:00.973Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46919 (GCVE-0-2025-46919)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46919", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:59:21.471635Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:43:45.526Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:22.427Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46919", "datePublished": "2025-06-10T22:19:22.427Z", "dateReserved": "2025-04-30T20:47:54.965Z", "dateUpdated": "2025-06-11T14:43:45.526Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47017 (GCVE-0-2025-47017)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47017", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:56:52.446284Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:39:12.752Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:54.141Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47017", "datePublished": "2025-06-10T22:19:54.141Z", "dateReserved": "2025-04-30T20:47:54.995Z", "dateUpdated": "2025-06-11T14:39:12.752Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46889 (GCVE-0-2025-46889)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-12 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized elevated access. Exploitation of this issue does not require user interaction.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46889", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-12T03:55:10.979Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized elevated access. Exploitation of this issue does not require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:44.435Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Improper Access Control (CWE-284)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46889", "datePublished": "2025-06-10T22:18:44.435Z", "dateReserved": "2025-04-30T20:47:54.953Z", "dateUpdated": "2025-06-12T03:55:10.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46906 (GCVE-0-2025-46906)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46906", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:58:33.763536Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:40:57.950Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:34.322Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46906", "datePublished": "2025-06-10T22:19:34.322Z", "dateReserved": "2025-04-30T20:47:54.956Z", "dateUpdated": "2025-06-11T14:40:57.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46916 (GCVE-0-2025-46916)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46916", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:03:11.853820Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:48:22.799Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:51.458Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46916", "datePublished": "2025-06-10T22:18:51.458Z", "dateReserved": "2025-04-30T20:47:54.964Z", "dateUpdated": "2025-06-11T14:48:22.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46979 (GCVE-0-2025-46979)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46979", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T18:02:01.200120Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T18:02:37.259Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:58.945Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46979", "datePublished": "2025-06-10T22:19:58.945Z", "dateReserved": "2025-04-30T20:47:54.985Z", "dateUpdated": "2025-06-11T18:02:37.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47075 (GCVE-0-2025-47075)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47075", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:04:27.563151Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:04:49.624Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:22.690Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47075", "datePublished": "2025-06-10T22:20:22.690Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T15:04:49.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46885 (GCVE-0-2025-46885)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46885", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:31.935539Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:53:40.778Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:13.947Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46885", "datePublished": "2025-06-10T22:18:13.947Z", "dateReserved": "2025-04-30T20:47:54.953Z", "dateUpdated": "2025-06-11T14:53:40.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46886 (GCVE-0-2025-46886)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46886", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:24.492048Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:52:20.662Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:23.300Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46886", "datePublished": "2025-06-10T22:18:23.300Z", "dateReserved": "2025-04-30T20:47:54.953Z", "dateUpdated": "2025-06-11T14:52:20.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46999 (GCVE-0-2025-46999)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 15:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46999", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T15:16:41.507350Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T15:16:56.153Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:57.201Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46999", "datePublished": "2025-06-10T22:19:57.201Z", "dateReserved": "2025-04-30T20:47:54.991Z", "dateUpdated": "2025-06-11T15:16:56.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46935 (GCVE-0-2025-46935)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46935", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:07:49.187006Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:54:06.216Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:11.484Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46935", "datePublished": "2025-06-10T22:18:11.484Z", "dateReserved": "2025-04-30T20:47:54.969Z", "dateUpdated": "2025-06-11T14:54:06.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46978 (GCVE-0-2025-46978)
Vulnerability from cvelistv5
Published
2025-06-10 22:20
Modified
2025-06-11 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46978", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:55:14.847308Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:37:25.235Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:20:16.431Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46978", "datePublished": "2025-06-10T22:20:16.431Z", "dateReserved": "2025-04-30T20:47:54.985Z", "dateUpdated": "2025-06-11T14:37:25.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46894 (GCVE-0-2025-46894)
Vulnerability from cvelistv5
Published
2025-06-10 22:17
Modified
2025-06-11 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46894", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:06:43.996686Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:19:37.427Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:17:56.623Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46894", "datePublished": "2025-06-10T22:17:56.623Z", "dateReserved": "2025-04-30T20:47:54.954Z", "dateUpdated": "2025-06-11T14:19:37.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47008 (GCVE-0-2025-47008)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47008", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:03:37.987839Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:48:52.562Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:47.539Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47008", "datePublished": "2025-06-10T22:18:47.539Z", "dateReserved": "2025-04-30T20:47:54.992Z", "dateUpdated": "2025-06-11T14:48:52.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46970 (GCVE-0-2025-46970)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46970", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:05:50.281409Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:51:35.936Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:27.944Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46970", "datePublished": "2025-06-10T22:18:27.944Z", "dateReserved": "2025-04-30T20:47:54.984Z", "dateUpdated": "2025-06-11T14:51:35.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-46974 (GCVE-0-2025-46974)
Vulnerability from cvelistv5
Published
2025-06-10 22:19
Modified
2025-06-11 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46974", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T13:57:30.626086Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:39:55.311Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:19:48.837Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-46974", "datePublished": "2025-06-10T22:19:48.837Z", "dateReserved": "2025-04-30T20:47:54.984Z", "dateUpdated": "2025-06-11T14:39:55.311Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47072 (GCVE-0-2025-47072)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47072", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:05:30.495691Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:51:08.271Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Stored XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:30.950Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47072", "datePublished": "2025-06-10T22:18:30.950Z", "dateReserved": "2025-04-30T20:47:54.999Z", "dateUpdated": "2025-06-11T14:51:08.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-47037 (GCVE-0-2025-47037)
Vulnerability from cvelistv5
Published
2025-06-10 22:18
Modified
2025-06-11 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) ()
Summary
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Adobe | Adobe Experience Manager |
Version: 0 ≤ 6.5.22 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-47037", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T14:08:21.453355Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T14:54:44.381Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Experience Manager", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "6.5.22", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-06-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.4, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "CHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (DOM-based XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T22:18:06.948Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2025-47037", "datePublished": "2025-06-10T22:18:06.948Z", "dateReserved": "2025-04-30T20:47:54.996Z", "dateUpdated": "2025-06-11T14:54:44.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…