CVE Catalog

CVE-2026-34691

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

27th percentile — higher than 27% of all known CVEs

Summary

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

Risk Assessment

An attacker may execute malicious JavaScript in a victim's browser, potentially gaining elevated access or control over the victim's account or session.

Recommendation

It is recommended to update to the latest version of Adobe Experience Manager Forms to mitigate this vulnerability.

Original NVD description (English source)

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS