Adobe Adobe Based in San Jose, best known for creating Photoshop, Acrobat (PDF).

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Adobe product.

RSS Feeds for Adobe security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Adobe products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Adobe Sorted by Most Security Vulnerabilities since 2018

Adobe Experience Manager900 vulnerabilities
Adobe Experience Manager (AEM), is a comprehensive content management solution for building websites, mobile apps and forms

Adobe Acrobat136 vulnerabilities
Application for working with PDF documents

Adobe Commerce136 vulnerabilities

Adobe ColdFusion128 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.

Adobe Magento112 vulnerabilities

Adobe Commerce110 vulnerabilities

Adobe InDesign73 vulnerabilities

Adobe Commerce B2b62 vulnerabilities

Adobe Animate60 vulnerabilities

Adobe Substance 3d Painter56 vulnerabilities

Adobe Illustrator47 vulnerabilities

Adobe Connect46 vulnerabilities

Adobe Bridge40 vulnerabilities

Adobe Framemaker34 vulnerabilities

Adobe Magento Open Source32 vulnerabilities

Adobe Dimension25 vulnerabilities

Adobe Substance 3d Stager23 vulnerabilities

Adobe After Effects23 vulnerabilities

Adobe Substance 3d Sampler21 vulnerabilities

Adobe Photoshop19 vulnerabilities
Popular Photo Editing Software

Adobe Media Encoder19 vulnerabilities

Adobe Substance 3d Designer15 vulnerabilities

Adobe Substance 3d Modeler15 vulnerabilities

Adobe Digital Editions12 vulnerabilities

Adobe Creative Cloud Desktop Application11 vulnerabilities
The desktop client for Adobe Creative Cloud

Adobe Premiere Pro7 vulnerabilities

Adobe Incopy7 vulnerabilities

Adobe Audition7 vulnerabilities

Adobe Lightroom3 vulnerabilities

Adobe Dreamweaver3 vulnerabilities

Adobe Photoshop Elements2 vulnerabilities

Adobe Aero1 vulnerability

Adobe Pdf Library Sdk1 vulnerability

Adobe Air Sdk Compiler1 vulnerability

Adobe Livecycle1 vulnerability

Recent Adobe Security Advisories

Advisory Title Published
APSB25-50 Security Updates Available for Adobe Commerce | APSB25-50 June 10, 2025
APSB25-41 Security Update Available for Adobe InCopy | APSB25-41 June 10, 2025
APSB25-53 Security Update Available for Adobe InDesign | APSB25-53 June 10, 2025
APSB25-48 Security updates available for Adobe Experience Manager | APSB25-48 June 10, 2025
APSB25-55 Security updates available for Adobe Substance3D - Sampler | APSB25-55 June 10, 2025
APSB25-57 Prenotification Security Advisory for Adobe Acrobat and Reader  | APSB25-57 June 10, 2025
APSB25-43 Security Updates Available for Adobe Illustrator | APSB25-43 May 13, 2025
APSB25-45 Security updates available for Adobe Dimension | APSB25-45 May 13, 2025
APSB25-37 Security Update Available for Adobe InDesign | APSB25-37 May 13, 2025
APSB25-36 Security updates available for Adobe Connect | APSB25-36 May 13, 2025

Known Exploited Adobe Vulnerabilities

The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Adobe ColdFusion Deserialization Vulnerability Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
CVE-2017-3066 Exploit Probability: 93.0%
February 24, 2025
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
CVE-2024-20767 Exploit Probability: 94.1%
December 16, 2024
Adobe Flash Player Double Free Vulnerablity Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0502 Exploit Probability: 85.0%
September 17, 2024
Adobe Flash Player Incorrect Default Permissions Vulnerability Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0643 Exploit Probability: 36.3%
September 17, 2024
Adobe Flash Player Code Execution Vulnerability Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0648 Exploit Probability: 36.9%
September 17, 2024
Adobe Flash Player Integer Underflow Vulnerablity Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0497 Exploit Probability: 93.2%
September 17, 2024
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
CVE-2024-34102 Exploit Probability: 94.4%
July 17, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
CVE-2023-38203 Exploit Probability: 94.3%
January 8, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
CVE-2023-29300 Exploit Probability: 92.9%
January 8, 2024
Adobe Acrobat and Reader Use-After-Free Vulnerability Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
CVE-2023-21608 Exploit Probability: 89.0%
October 10, 2023
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
CVE-2023-26369 Exploit Probability: 0.4%
September 14, 2023
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
CVE-2023-26359 Exploit Probability: 83.1%
August 21, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
CVE-2023-29298 Exploit Probability: 94.3%
July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
CVE-2023-38205 Exploit Probability: 94.3%
July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution.
CVE-2023-26360 Exploit Probability: 94.3%
March 15, 2023
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
CVE-2009-3953 Exploit Probability: 90.5%
June 8, 2022
Adobe Flash Player Memory Corruption Vulnerability Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service.
CVE-2010-1297 Exploit Probability: 93.7%
June 8, 2022
Adobe Acrobat and Reader Unspecified Vulnerability Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
CVE-2008-0655 Exploit Probability: 71.0%
June 8, 2022
Adobe Acrobat and Reader Double Free Vulnerability Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.
CVE-2018-4990 Exploit Probability: 60.1%
June 8, 2022
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service.
CVE-2009-1862 Exploit Probability: 58.0%
June 8, 2022

Of the known exploited vulnerabilities above, 14 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Adobe vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Adobe Vulnerabilities

Based on the current exploit probability, these Adobe vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2018-15961 94.4% Adobe ColdFusion Remote Code Execution
2 CVE-2024-34102 94.4% Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V
3 CVE-2023-26360 94.3% Adobe ColdFusion Improper Access Control Vulnerability
4 CVE-2023-29298 94.3% Adobe ColdFusion Improper Access Control Vulnerability
5 CVE-2010-2861 94.3% Adobe ColdFusion Directory Traversal Vulnerability
6 CVE-2023-38205 94.3% Adobe ColdFusion Improper Access Control Vulnerability
7 CVE-2023-38203 94.3% Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
8 CVE-2024-20767 94.1% Adobe ColdFusion Improper Access Control Vulnerability
9 CVE-2010-1297 93.7% Adobe Flash Player Memory Corruption Vulnerability
10 CVE-2009-0927 93.7% Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability

By the Year

In 2025 there have been 454 vulnerabilities in Adobe with an average score of 6.2 out of ten. Last year, in 2024 Adobe had 747 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Adobe in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.05.




Year Vulnerabilities Average Score
2025 454 6.24
2024 747 6.20
2023 590 6.29
2022 421 6.80
2021 317 6.80
2020 307 7.47
2019 46 7.39
2018 94 7.64

It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Security Vulnerabilities

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46971 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46930 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46931 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46933 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46934 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46935 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46939 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46940 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46941 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46942 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46943 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46944 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46945 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46946 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46947 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46950 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46953 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46954 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46955 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46956 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46957 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46960 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46963 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46964 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46965 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46966 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46967 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46968 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46970 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46986 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-47004 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-47003 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-47002 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-47000 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46999 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46997 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46995 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46992 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46991 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46990 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46989 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46988 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46987 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46974 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46977 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46976 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46975 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46978 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46973 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2025-46972 5.4 - Medium - June 10, 2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.