Lucene search
K
AdobeExperience Manager Forms

8 matches found

CVE
CVE
added 2016/12/15 6:31 a.m.116 views

CVE-2016-6934

CVE-2016-6934 affects Adobe Experience Manager Forms (versions 6.2 and earlier) and LiveCycle (11.0.1 and 10.0.4) with an input validation issue in the PMAdmin module that can enable cross-site scripting. Public sources link this to two input-validation vulnerabilities in AEM Forms; NVD lists CVS...

6.1CVSS5.9AI score0.02605EPSS
CVE
CVE
added 2019/05/29 5:47 p.m.111 views

CVE-2019-7129

Adobe Experience Manager Forms (AEM Forms) versions 6.2–6.4 contain a stored cross‑site scripting vulnerability. The root cause is insufficient validation of client‑side data by the web application, which could enable an attacker to disclose sensitive information. This CVE (CVE-2019-7129) is docu...

6.1CVSS5.6AI score0.01626EPSS
CVE
CVE
added 2019/10/22 8:50 p.m.103 views

CVE-2019-8089

Adobe Experience Manager Forms (AEM Forms) versions 6.3–6.5 are affected by a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of user input. Successful exploitation could lead to disclosure of sensitive information. Multiple connected sources confirm the issue ...

6.1CVSS5.6AI score0.01498EPSS
CVE
CVE
added 2025/08/05 4:53 p.m.93 views

CVE-2025-54253

CVE-2025-54253 affects Adobe Experience Manager (AEM) Forms on JEE, up to version 6.5.23, via an OGNL injection that enables unauthenticated RCE by reaching the /adminui/debug endpoint. Several connected sources confirm an unsafe evaluation path (OGNL/Struts-like) that can execute arbitrary OS co...

10CVSS7.8AI score0.87515EPSS
In wild
CVE
CVE
added 2020/09/10 4:34 p.m.67 views

CVE-2020-9733

CVE-2020-9733 affects Adobe Experience Manager (AEM) Java servlet on AEM 6.5.5.0 and earlier and 6.4.8.1 and earlier, which can run with the permissions of a high-privileged service user and may lead to read-only access to sensitive data in the AEM repository. The issue is mitigated by applying p...

7.5CVSS7.3AI score0.03751EPSS
CVE
CVE
added 2017/05/09 4:0 p.m.59 views

CVE-2017-3067

CVE-2017-3067 affects Adobe Experience Manager Forms (AEM Forms) versions 6.0–6.2, with an information disclosure vulnerability caused by abuse of the pre-population service. Exploitation could disclose sensitive information via the pre-population mechanism. Adobe released APSB17-16 security upda...

7.5CVSS7.2AI score0.04791EPSS
CVE
CVE
added 2020/09/10 4:35 p.m.58 views

CVE-2020-9732

CVE-2020-9732 affects Adobe Experience Manager (AEM) Forms add-on for versions 6.5.5.0 and earlier and 6.4.8.2 and earlier. Root cause is a stored XSS in fields for the Sites component, allowing an author to store malicious scripts that execute in a viewer’s browser when the vulnerable page is op...

9CVSS8.3AI score0.02809EPSS
CVE
CVE
added 2025/08/05 4:53 p.m.41 views

CVE-2025-54254

CVE-2025-54254 affects Adobe Experience Manager, specifically versions 6.5.23 and earlier, due to an XML External Entity (XXE) handling flaw that can cause arbitrary file system reads. The issue arises from improper restriction of XML entities, enabling an attacker to read local files without use...

8.6CVSS7.5AI score0.77133EPSS
In wild