CVE-2026-48355

Summary

Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

Affected Software

VendorProductVersion RangeStatus
AdobeAdobe Experience Manager as a Cloud Service0 <= 2026.5.0affected
AdobeAdobe Experience Manager as a Cloud Service2026.6.0unaffected
AdobeAdobe Experience Manager 6.5 LTS0 <= SP1affected
AdobeAdobe Experience Manager 6.5 LTSSP2 - Hotfix for NPR-43972unaffected
AdobeAdobe Experience Manager 6.50 <= 6.5.24affected
AdobeAdobe Experience Manager 6.56.5.25 - Hotfix for NPR-43972unaffected

Weaknesses

  • CWE-79: Cross-site Scripting (Stored XSS) (CWE-79)

References