CVE-2026-47972
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that allows low-privileged attackers to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
Risk Assessment
A low-privileged attacker could exploit this vulnerability to inject malicious code, potentially leading to user data theft or session hijacking. This poses a significant threat to the security of data within the organization.
Recommendation
It is recommended to update Adobe Experience Manager to the latest version to mitigate this vulnerability. Additionally, conduct a security audit of forms to identify and secure vulnerable fields.
Original NVD description (English source)
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

