#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(326739);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/14");
script_cve_id(
"CVE-2026-34692",
"CVE-2026-47935",
"CVE-2026-47936",
"CVE-2026-47939",
"CVE-2026-47941",
"CVE-2026-47942",
"CVE-2026-47943",
"CVE-2026-47944",
"CVE-2026-47945",
"CVE-2026-47946",
"CVE-2026-47947",
"CVE-2026-47948",
"CVE-2026-47949",
"CVE-2026-47950",
"CVE-2026-47951",
"CVE-2026-47953",
"CVE-2026-47954",
"CVE-2026-47956",
"CVE-2026-47957",
"CVE-2026-47958",
"CVE-2026-47962",
"CVE-2026-47966",
"CVE-2026-47970",
"CVE-2026-47972",
"CVE-2026-47973",
"CVE-2026-47974",
"CVE-2026-47975",
"CVE-2026-47977",
"CVE-2026-47978",
"CVE-2026-47980",
"CVE-2026-47981",
"CVE-2026-47982",
"CVE-2026-47983",
"CVE-2026-47985",
"CVE-2026-47986",
"CVE-2026-47987",
"CVE-2026-47989",
"CVE-2026-47990",
"CVE-2026-47991",
"CVE-2026-47993",
"CVE-2026-48250",
"CVE-2026-48251",
"CVE-2026-48256",
"CVE-2026-48258",
"CVE-2026-48264",
"CVE-2026-48265",
"CVE-2026-48266",
"CVE-2026-48268",
"CVE-2026-48271",
"CVE-2026-48280",
"CVE-2026-48288",
"CVE-2026-48289",
"CVE-2026-48297",
"CVE-2026-48299",
"CVE-2026-48300",
"CVE-2026-48301",
"CVE-2026-48304"
);
script_name(english:"Adobe Experience Manager 6.5.0 < 6.5.2 Multiple Vulnerabilities (APSB26-56)");
script_set_attribute(attribute:"synopsis", value:
"The Adobe Experience Manager instance installed on the remote host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Adobe Experience Manager installed on the remote host is prior to 6.5.2. It is, therefore, affected by
multiple vulnerabilities as referenced in the APSB26-56 advisory.
- Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper
Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a
malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires
user interaction in that a victim must click on a malicious link. (CVE-2026-47991)
- Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-
Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM
environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of
this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
(CVE-2026-34692, CVE-2026-47935, CVE-2026-47946, CVE-2026-47947, CVE-2026-47982, CVE-2026-47983,
CVE-2026-47985, CVE-2026-47986, CVE-2026-47987, CVE-2026-47989, CVE-2026-47993, CVE-2026-48250,
CVE-2026-48251, CVE-2026-48256, CVE-2026-48258, CVE-2026-48264, CVE-2026-48265, CVE-2026-48266,
CVE-2026-48268, CVE-2026-48271, CVE-2026-48280)
- Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site
Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious
scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they
browse to the page containing the vulnerable field. Scope is changed. (CVE-2026-47936, CVE-2026-47939,
CVE-2026-47941, CVE-2026-47942, CVE-2026-47943, CVE-2026-47944, CVE-2026-47945, CVE-2026-47948,
CVE-2026-47949, CVE-2026-47950, CVE-2026-47951, CVE-2026-47953, CVE-2026-47954, CVE-2026-47956,
CVE-2026-47957, CVE-2026-47958, CVE-2026-47962, CVE-2026-47966, CVE-2026-47970, CVE-2026-47972,
CVE-2026-47973, CVE-2026-47974, CVE-2026-47975, CVE-2026-47977, CVE-2026-47978, CVE-2026-47980,
CVE-2026-47981, CVE-2026-47990, CVE-2026-48297, CVE-2026-48299, CVE-2026-48300, CVE-2026-48301,
CVE-2026-48304)
- Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input
Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could
leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation
of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact
with a compromised web page. (CVE-2026-48288, CVE-2026-48289)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?45e6764e");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Experience Manager version 6.5.2 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-47991");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 79);
script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/09");
script_set_attribute(attribute:"patch_publication_date", value:"2026/06/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/14");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:experience_manager");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("adobe_experience_manager_http_detect.nbin");
script_require_keys("installed_sw/Adobe Experience Manager");
exit(0);
}
include('vcf.inc');
include('http.inc');
var port = get_http_port(default:4502);
var app_info = vcf::get_app_info(app:'Adobe Experience Manager', port:port);
vcf::check_granularity(app_info:app_info, sig_segments:2);
var constraints = [
{ 'min_version' : '6.5.0', 'fixed_version' : '6.5.2', 'fixed_display' : '6.5.2 / 6.5.25' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
require_paranoia:TRUE,
severity:SECURITY_WARNING,
flags:{'xss':TRUE}
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation