CVE-2026-47944

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
09/06/2026
Last modified:
10/06/2026

Description

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:* 6.5.25.0 (excluding)
cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:* 2026.5.0 (excluding)
cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*
cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*