CVE-2026-47962
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
Risk Assessment
A low-privileged attacker could exploit this vulnerability to carry out XSS attacks, potentially leading to user data theft or session hijacking. This poses a significant threat to data security within the organization.
Recommendation
It is recommended to update Adobe Experience Manager to the latest version to mitigate this vulnerability. Additionally, implementing security mechanisms to prevent script injection in forms is advisable.
Original NVD description (English source)
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

