Adobe Experience Manager Forms
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe Experience Manager Forms.
By the Year
In 2026 there have been 0 vulnerabilities in Adobe Experience Manager Forms. Last year, in 2025 Experience Manager Forms had 2 security vulnerabilities published. Right now, Experience Manager Forms is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 8.75 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.50 |
| 2019 | 2 | 6.10 |
It may take a day or so for new Experience Manager Forms vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Experience Manager Forms Security Vulnerabilities
Adobe Experience Manager XXE (Arbitrary FS Read) before 6.5.23
CVE-2025-54254
7.5 - High
- August 05, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.
XXE
Adobe Experience Manager 6.5.23 RCE via Misconfiguration
CVE-2025-54253
10 - Critical
- August 05, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
AuthZ
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user
CVE-2020-9733
7.5 - High
- September 10, 2020
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
Information Disclosure
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability
CVE-2019-8089
- October 22, 2019
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability
CVE-2019-7129
6.1 - Medium
- May 29, 2019
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe Experience Manager Forms or by Adobe? Click the Watch button to subscribe.
