CVE Daily

CVE-2025-46953

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cr...

Medium CVSS 5.4

Overview

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed.

CWE: CWE-79 Published: 2025-06-10T23:15:39.377
Risk analysis

This vulnerability is rated 🟑 MEDIUM.

  • CVSS: 5.4 (MEDIUM)
  • Detected tags: xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags