Experience Manager Security Vulnerabilities and Issues — Experience Manager CVE List

Lucene search

AdobeExperience Manager

11 matches found

CVE•added 2020/12/10 6:15 a.m.•77 views

CVE-2020-24445

AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they b...

9CVSS8AI score0.01091EPSS

CVE•added 2022/01/13 9:15 p.m.•67 views

CVE-2021-40722

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.

9.8CVSS9.5AI score0.00383EPSS

CVE•added 2019/10/25 4:15 p.m.•59 views

CVE-2019-8088

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.7AI score0.12685EPSS

CVE•added 2020/09/10 5:15 p.m.•49 views

CVE-2020-9734

The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they ...

9CVSS5.4AI score0.00658EPSS

CVE•added 2024/06/13 8:15 a.m.•48 views

CVE-2024-26029

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain disclose information. Exploitation of this issue does not ...

9.8CVSS8.1AI score0.00067EPSS

CVE•added 2020/09/10 5:15 p.m.•45 views

CVE-2020-9732

The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they...

9CVSS8.3AI score0.00952EPSS

CVE•added 2017/08/11 7:29 p.m.•40 views

CVE-2017-3108

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.

9.8CVSS9.4AI score0.13208EPSS

CVE•added 2020/09/10 5:15 p.m.•35 views

CVE-2020-9742

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser wh...

9CVSS5.6AI score0.00872EPSS

CVE•added 2020/09/10 5:15 p.m.•34 views

CVE-2020-9740

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a...

9CVSS5.6AI score0.00658EPSS

CVE•added 2020/09/10 5:15 p.m.•30 views

CVE-2020-9741

The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they ...

9CVSS5.4AI score0.00658EPSS

CVE•added 2025/07/08 10:15 p.m.•14 views

CVE-2025-49533

Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged.

9.8CVSS7.2AI score0.06831EPSS