CVE-2026-48257
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | Adobe Experience Manager as a Cloud Service | 0 <= 2026.5.0 | affected |
| Adobe | Adobe Experience Manager as a Cloud Service | 2026.6.0 | unaffected |
| Adobe | Adobe Experience Manager 6.5 LTS | 0 <= SP1 | affected |
| Adobe | Adobe Experience Manager 6.5 LTS | SP2 - Hotfix for NPR-43972 | unaffected |
| Adobe | Adobe Experience Manager 6.5 | 0 <= 6.5.24 | affected |
| Adobe | Adobe Experience Manager 6.5 | 6.5.25 - Hotfix for NPR-43972 | unaffected |
Weaknesses
- CWE-79: Cross-site Scripting (DOM-based XSS) (CWE-79)
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.