CVE Catalog

CVE-2026-47944

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile - higher than 9% of all known CVEs

Summary

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

Risk Assessment

An attacker could inject malicious JavaScript that may be executed in a victim's browser, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to upgrade to the latest version of Adobe Experience Manager to mitigate this vulnerability and conduct a security audit of the application.

Original NVD description (English source)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS