CVE-2026-27254

EPSS 0.04%
Veröffentlicht 11.03.2026 00:23:11
Zuletzt bearbeitet 06.04.2026 14:08:05
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Experience Manager SwEdition- Version < 6.5.24

Adobe ≫ Experience Manager SwEditionaem_cloud_service Version < 2026.2.0

Adobe ≫ Experience Manager Version6.5 Update- SwEditionlts

Adobe ≫ Experience Manager Version6.5 Updatesp1 SwEditionlts

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.105

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@adobe.com	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://helpx.adobe.com/security/products/experience-manager/apsb26-24.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-27254

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27254

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27254

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27254