CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/06/09 12:0 a.m.•8 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

5.4CVSS5.5AI score0.00207EPSS

ATTACKERKB•added 2026/06/02 8:31 a.m.•7 views

CVE-2026-34907

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

5.1CVSS5.7AI score0.00285EPSS

Exploits0References3

Cvelist•added 2026/04/14 6:0 p.m.•24 views

CVE-2026-27288 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...

5.4CVSS0.00189EPSS

NVD•added 2026/04/14 12:16 a.m.•1 views

CVE-2026-27674

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...

6.1CVSS0.00192EPSS

EUVD•added 2026/03/11 3:31 a.m.•3 views

EUVD-2026-11016

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.0003EPSS

EUVD•added 2026/03/11 3:31 a.m.•3 views

EUVD-2026-10973

OSV•added 2026/03/11 1:16 a.m.•3 views

CVE-2026-27261

5.4CVSS5.7AI score0.0003EPSS

NVD•added 2026/03/11 1:16 a.m.•5 views

CVE-2026-27248

5.4CVSS0.00167EPSS

CVE•added 2026/03/11 12:23 a.m.•13 views

CVE-2026-27255

Adobe Experience Manager 6.5.23 and earlier are affected by a stored XSS vulnerability in vulnerable form fields. A low-privilege attacker could inject JavaScript that is executed in a user’s browser when visiting the vulnerable page. Remediation referenced in multiple sources is to update to 6.5...

ATTACKERKB•added 2026/03/11 12:23 a.m.•4 views

CVE-2026-27223

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE•added 2026/03/11 12:23 a.m.•22 views

CVE-2026-27242

Adobe Experience Manager fixes for CVE-2026-27242: A stored XSS affecting AEM 6.5.23 and earlier. The vulnerability exists in how form field input is sanitized, allowing a low-privileged attacker to inject malicious JavaScript that executes in a user’s browser when visiting a page containing the ...

EUVD•added 2026/03/11 12:23 a.m.•3 views

EUVD-2026-11003

CVE•added 2026/03/11 12:23 a.m.•9 views

CVE-2026-27225

CVE-2026-27225 concerns Adobe Experience Manager (AEM) versions 6.5.23 and earlier, with a stored XSS vulnerability in form fields. The underlying issue is inadequate input sanitization/output encoding, allowing a low-privileged attacker to inject malicious JavaScript that may run in a victim’s b...

Cvelist•added 2026/03/11 12:23 a.m.•37 views

CVE-2026-27256 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS0.00167EPSS

ATTACKERKB•added 2026/03/11 12:23 a.m.•3 views

CVE-2026-27257

Vulnrichment•added 2026/03/11 12:23 a.m.•2 views

CVE-2026-27224 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS5.8AI score0.00205EPSS

Positive Technologies•added 2026/02/03 12:0 a.m.•5 views

PT-2026-5823

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

7.2CVSS5.7AI score0.00234EPSS

Exploits1References4

Vulnrichment•added 2025/12/31 10:13 p.m.•3 views

CVE-2025-67703 Stored XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.3AI score0.00193EPSS

Vulnrichment•added 2025/12/18 1:16 p.m.•3 views

CVE-2025-40892 Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

8.9CVSS4.9AI score0.0021EPSS