8 matches found
CVE-2016-6934
CVE-2016-6934 affects Adobe Experience Manager Forms (versions 6.2 and earlier) and LiveCycle (11.0.1 and 10.0.4) with an input validation issue in the PMAdmin module that can enable cross-site scripting. Public sources link this to two input-validation vulnerabilities in AEM Forms; NVD lists CVS...
CVE-2019-7129
Adobe Experience Manager Forms (AEM Forms) versions 6.2–6.4 contain a stored cross‑site scripting vulnerability. The root cause is insufficient validation of client‑side data by the web application, which could enable an attacker to disclose sensitive information. This CVE (CVE-2019-7129) is docu...
CVE-2019-8089
Adobe Experience Manager Forms (AEM Forms) versions 6.3–6.5 are affected by a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of user input. Successful exploitation could lead to disclosure of sensitive information. Multiple connected sources confirm the issue ...
CVE-2025-54253
CVE-2025-54253 affects Adobe Experience Manager (AEM) Forms on JEE, up to version 6.5.23, via an OGNL injection that enables unauthenticated RCE by reaching the /adminui/debug endpoint. Several connected sources confirm an unsafe evaluation path (OGNL/Struts-like) that can execute arbitrary OS co...
CVE-2020-9733
CVE-2020-9733 affects Adobe Experience Manager (AEM) Java servlet on AEM 6.5.5.0 and earlier and 6.4.8.1 and earlier, which can run with the permissions of a high-privileged service user and may lead to read-only access to sensitive data in the AEM repository. The issue is mitigated by applying p...
CVE-2017-3067
CVE-2017-3067 affects Adobe Experience Manager Forms (AEM Forms) versions 6.0–6.2, with an information disclosure vulnerability caused by abuse of the pre-population service. Exploitation could disclose sensitive information via the pre-population mechanism. Adobe released APSB17-16 security upda...
CVE-2020-9732
CVE-2020-9732 affects Adobe Experience Manager (AEM) Forms add-on for versions 6.5.5.0 and earlier and 6.4.8.2 and earlier. Root cause is a stored XSS in fields for the Sites component, allowing an author to store malicious scripts that execute in a viewer’s browser when the vulnerable page is op...
CVE-2025-54254
CVE-2025-54254 affects Adobe Experience Manager, specifically versions 6.5.23 and earlier, due to an XML External Entity (XXE) handling flaw that can cause arbitrary file system reads. The issue arises from improper restriction of XML entities, enabling an attacker to read local files without use...