Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46918 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46917 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46916 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46915 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46914 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46913 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 4.8 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46912 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46911 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 4.8 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46910 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46909 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46927 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46926 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46924 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46923 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46922 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46920 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 4.6 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46919 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2017-3111 | 1 Adobe | 1 Experience Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.
|
|||||
| CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
|
|||||
| CVE-2017-3109 | 1 Adobe | 1 Experience Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.
|
|||||
| CVE-2017-11296 | 1 Adobe | 1 Experience Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.
|
|||||
| CVE-2017-3107 | 1 Adobe | 1 Experience Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.
|
|||||
| CVE-2017-3110 | 1 Adobe | 1 Experience Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.
|
|||||
| CVE-2024-53967 | 1 Adobe | 1 Experience Manager | 2025-04-14 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.
|
|||||
| CVE-2024-53968 | 1 Adobe | 1 Experience Manager | 2025-04-14 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.
|
|||||
| CVE-2024-53969 | 1 Adobe | 1 Experience Manager | 2025-04-14 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.
|
|||||
| CVE-2024-53970 | 1 Adobe | 1 Experience Manager | 2025-04-14 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2016-4168 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-4170 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-0956 | 5 Adobe, Apache, Apple and 2 more | 5 Experience Manager, Sling, Mac Os X and 2 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2016-0958 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.
|
|||||
| CVE-2016-6933 | 1 Adobe | 2 Experience Manager, Livecycle | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.
|
|||||
| CVE-2016-7883 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks.
|
|||||
| CVE-2016-7882 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks.
|
|||||
| CVE-2016-0955 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.
|
|||||
| CVE-2016-4169 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.
|
|||||
| CVE-2016-0957 | 4 Adobe, Apple, Linux and 1 more | 5 Dispatcher, Experience Manager, Mac Os X and 2 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
|
|||||
| CVE-2016-7884 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.
|
|||||
| CVE-2016-7885 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.
|
|||||
| CVE-2016-4253 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors.
|
|||||