Adobe Based in San Jose, best known for creating Photoshop, Acrobat (PDF).
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Adobe product.
RSS Feeds for Adobe security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Adobe products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Adobe Sorted by Most Security Vulnerabilities since 2018
Adobe Experience Manager900 vulnerabilities
Adobe Experience Manager (AEM), is a comprehensive content management solution for building websites, mobile apps and forms
Adobe ColdFusion128 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.
Adobe Creative Cloud Desktop Application11 vulnerabilities
The desktop client for Adobe Creative Cloud
Recent Adobe Security Advisories
Advisory | Title | Published |
---|---|---|
APSB25-50 | Security Updates Available for Adobe Commerce | APSB25-50 | June 10, 2025 |
APSB25-41 | Security Update Available for Adobe InCopy | APSB25-41 | June 10, 2025 |
APSB25-53 | Security Update Available for Adobe InDesign | APSB25-53 | June 10, 2025 |
APSB25-48 | Security updates available for Adobe Experience Manager | APSB25-48 | June 10, 2025 |
APSB25-55 | Security updates available for Adobe Substance3D - Sampler | APSB25-55 | June 10, 2025 |
APSB25-57 | Prenotification Security Advisory for Adobe Acrobat and Reader | APSB25-57 | June 10, 2025 |
APSB25-43 | Security Updates Available for Adobe Illustrator | APSB25-43 | May 13, 2025 |
APSB25-45 | Security updates available for Adobe Dimension | APSB25-45 | May 13, 2025 |
APSB25-37 | Security Update Available for Adobe InDesign | APSB25-37 | May 13, 2025 |
APSB25-36 | Security updates available for Adobe Connect | APSB25-36 | May 13, 2025 |
Known Exploited Adobe Vulnerabilities
The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Adobe ColdFusion Deserialization Vulnerability |
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution. CVE-2017-3066 Exploit Probability: 93.0% |
February 24, 2025 |
Adobe ColdFusion Improper Access Control Vulnerability |
Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel. CVE-2024-20767 Exploit Probability: 94.1% |
December 16, 2024 |
Adobe Flash Player Double Free Vulnerablity |
Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. CVE-2014-0502 Exploit Probability: 85.0% |
September 17, 2024 |
Adobe Flash Player Incorrect Default Permissions Vulnerability |
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. CVE-2013-0643 Exploit Probability: 36.3% |
September 17, 2024 |
Adobe Flash Player Code Execution Vulnerability |
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. CVE-2013-0648 Exploit Probability: 36.9% |
September 17, 2024 |
Adobe Flash Player Integer Underflow Vulnerablity |
Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. CVE-2014-0497 Exploit Probability: 93.2% |
September 17, 2024 |
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V |
Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution. CVE-2024-34102 Exploit Probability: 94.4% |
July 17, 2024 |
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability |
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. CVE-2023-38203 Exploit Probability: 94.3% |
January 8, 2024 |
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability |
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. CVE-2023-29300 Exploit Probability: 92.9% |
January 8, 2024 |
Adobe Acrobat and Reader Use-After-Free Vulnerability |
Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. CVE-2023-21608 Exploit Probability: 89.0% |
October 10, 2023 |
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability |
Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. CVE-2023-26369 Exploit Probability: 0.4% |
September 14, 2023 |
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability |
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. CVE-2023-26359 Exploit Probability: 83.1% |
August 21, 2023 |
Adobe ColdFusion Improper Access Control Vulnerability |
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. CVE-2023-29298 Exploit Probability: 94.3% |
July 20, 2023 |
Adobe ColdFusion Improper Access Control Vulnerability |
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. CVE-2023-38205 Exploit Probability: 94.3% |
July 20, 2023 |
Adobe ColdFusion Improper Access Control Vulnerability |
Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution. CVE-2023-26360 Exploit Probability: 94.3% |
March 15, 2023 |
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability |
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution. CVE-2009-3953 Exploit Probability: 90.5% |
June 8, 2022 |
Adobe Flash Player Memory Corruption Vulnerability |
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service. CVE-2010-1297 Exploit Probability: 93.7% |
June 8, 2022 |
Adobe Acrobat and Reader Unspecified Vulnerability |
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times. CVE-2008-0655 Exploit Probability: 71.0% |
June 8, 2022 |
Adobe Acrobat and Reader Double Free Vulnerability |
Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution. CVE-2018-4990 Exploit Probability: 60.1% |
June 8, 2022 |
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability |
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service. CVE-2009-1862 Exploit Probability: 58.0% |
June 8, 2022 |
Of the known exploited vulnerabilities above, 14 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Adobe vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Adobe Vulnerabilities
Based on the current exploit probability, these Adobe vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
Rank | CVE | EPSS | Vulnerability |
---|---|---|---|
1 | CVE-2018-15961 | 94.4% | Adobe ColdFusion Remote Code Execution |
2 | CVE-2024-34102 | 94.4% | Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V |
3 | CVE-2023-26360 | 94.3% | Adobe ColdFusion Improper Access Control Vulnerability |
4 | CVE-2023-29298 | 94.3% | Adobe ColdFusion Improper Access Control Vulnerability |
5 | CVE-2010-2861 | 94.3% | Adobe ColdFusion Directory Traversal Vulnerability |
6 | CVE-2023-38205 | 94.3% | Adobe ColdFusion Improper Access Control Vulnerability |
7 | CVE-2023-38203 | 94.3% | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability |
8 | CVE-2024-20767 | 94.1% | Adobe ColdFusion Improper Access Control Vulnerability |
9 | CVE-2010-1297 | 93.7% | Adobe Flash Player Memory Corruption Vulnerability |
10 | CVE-2009-0927 | 93.7% | Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability |
By the Year
In 2025 there have been 454 vulnerabilities in Adobe with an average score of 6.2 out of ten. Last year, in 2024 Adobe had 747 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Adobe in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.05.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 454 | 6.24 |
2024 | 747 | 6.20 |
2023 | 590 | 6.29 |
2022 | 421 | 6.80 |
2021 | 317 | 6.80 |
2020 | 307 | 7.47 |
2019 | 46 | 7.39 |
2018 | 94 | 7.64 |
It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Security Vulnerabilities
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46971
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46930
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46931
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46933
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46934
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46935
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46939
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46940
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46941
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46942
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46943
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46944
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46945
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46946
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46947
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46950
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46953
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46954
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46955
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46956
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46957
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46960
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46963
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46964
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46965
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46966
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46967
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46968
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46970
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46986
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-47004
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-47003
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-47002
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-47000
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46999
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46997
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46995
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46992
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46991
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46990
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46989
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46988
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46987
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46974
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46977
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46976
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46975
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46978
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46973
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-46972
5.4 - Medium
- June 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.
XSS