CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-46958 – Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-46958
05 Aug 2025 — Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Las versiones 6.5.22 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que un atacante con po... • https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47001 – Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-47001
30 Jul 2025 — Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Las versiones 6.5.22 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de cross-site scripting (XSS) almacenado que un atacante con po... • https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-46993 – Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-46993
24 Jul 2025 — Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Las versiones 6.5.22 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que un atacante con po... • https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-46996 – Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-46996
24 Jul 2025 — Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Las versiones 6.5.22 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que un atacante con po... • https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47061 – Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-47061
24 Jul 2025 — Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Las versiones 6.5.22 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que un atacante con po... • https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 4%CPEs: 6EXPL: 1CVE-2025-34510 – Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip
https://notcve.org/view.php?id=CVE-2025-34510
17 Jun 2025 — Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution. • https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform • CWE-23: Relative Path Traversal •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36213 – Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-36213
13 Jun 2024 — Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Las versiones 6.5.20 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de cross-site scripting (XSS) almacenado que un atacante podría aprovechar pa... • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26126 – Adobe Experience Manager | Improper Input Validation (CWE-20)
https://notcve.org/view.php?id=CVE-2024-26126
13 Jun 2024 — Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. Las versiones 6.5.20 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de validación de entrada incorrecta que podría provocar una omisión de... • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 1%CPEs: 2EXPL: 0CVE-2024-36150 – Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-36150
13 Jun 2024 — Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Las versiones 6.5.20 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de cross-site scripting (XSS) almacenado que un atacante podría aprovechar pa... • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 1%CPEs: 2EXPL: 0CVE-2024-36238 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-36238
13 Jun 2024 — Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a malicious link or to interact with a maliciously crafted web page. Las versiones 6.5.20 y anteriores de Adobe Experience Manager se ven afectadas por una vul... • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •