CVE Catalog

CVE-2026-47972

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile - higher than 9% of all known CVEs

Summary

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that allows low-privileged attackers to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

Risk Assessment

A low-privileged attacker could exploit this vulnerability to inject malicious code, potentially leading to user data theft or session hijacking. This poses a significant threat to the security of data within the organization.

Recommendation

It is recommended to update Adobe Experience Manager to the latest version to mitigate this vulnerability. Additionally, conduct a security audit of forms to identify and secure vulnerable fields.

Original NVD description (English source)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS