Adobe Experience Manager Screens
Recent Adobe Experience Manager Screens Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB26-34 | Security updates available for Adobe Experience Manager Screens | April 14, 2026 |
| APSB25-98 | Security updates available for Adobe Experience Manager Screens | October 14, 2025 |
| APSB25-68 | Security updates available for Adobe Experience Manager Screens | July 8, 2025 |
| APSB25-32 | Security updates available for Adobe Experience Manager Screens | April 8, 2025 |
By the Year
In 2026 there have been 4 vulnerabilities in Adobe Experience Manager Screens, with an average score of 5.4 out of ten. Last year, in 2025, Experience Manager Screens had 9 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Experience Manager Screens in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 1.67.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 5.40 |
| 2025 | 9 | 7.07 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
It may take a day or so for new Experience Manager Screens vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Adobe Experience Manager Screens Security Vulnerabilities
Adobe Experience Manager 6.5.x FP11.7 DOM XSS
CVE-2026-34625
5.4 - Medium
- April 14, 2026
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage.
XSS
Adobe Experience Manager 6.5.24 FP11.7 DOM XSS before 6.5.25
CVE-2026-34623
5.4 - Medium
- April 14, 2026
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page.
XSS
AEM 6.5.24/FP11.7 DOM XSS via crafted page
CVE-2026-34624
5.4 - Medium
- April 14, 2026
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage.
XSS
Adobe Experience Manager 6.5.24/FP11.7 DOM-XSS Vulnerability
CVE-2026-27288
5.4 - Medium
- April 14, 2026
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage.
XSS
Adobe Experience Manager <=6.5.23 DOM XSS -> arbitrary code exec
CVE-2025-64537
9.3 - Critical
- December 10, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, which raises the confidentiality and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.
XSS
Adobe Experience Manager <6.5.23: DOM XSS in 6.5.23 and earlier
CVE-2025-64539
9.3 - Critical
- December 10, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, which raises the confidentiality and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.
XSS
Adobe Experience Manager 6.5.x DOM-based XSS
CVE-2025-64538
9.3 - Critical
- December 10, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, which raises the confidentiality and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.
XSS
Stored XSS in Adobe Experience Manager 11.6 or earlier Targeting Form Fields
CVE-2025-61797
5.4 - Medium
- October 14, 2025
Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed.
XSS
Adobe Experience Manager <=11.6 Stored XSS in Form Fields
CVE-2025-54272
5.4 - Medium
- October 14, 2025
Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed.
XSS
Adobe Experience Manager 11.6 and earlier: Stored XSS in form fields
CVE-2025-61796
5.4 - Medium
- October 14, 2025
Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed.
XSS
Joomla ProFiles 1.0-1.5.0 XSS Stored Vulnerability
CVE-2025-54296
- July 23, 2025
A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.
XSS
Stored XSS in Joomla CComment 5.0.0-6.1.14 component
CVE-2025-54297
- July 23, 2025
A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered.
XSS
Adobe Experience Manager Screens FP11.3 & earlier - Stored XSS
CVE-2025-27205
5.4 - Medium
- April 08, 2025
Adobe Experience Manager Screens versions FP11.3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link.
XSS
Apache HTTDSrv 2.4.0-55 mod_proxy RRS Request Smuggling
CVE-2023-25690
9.8 - Critical
- March 07, 2023
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:

    RewriteEngine on
    RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
    ProxyPassReverse /here/ http://example.com:8080/

Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
HTTP Request Smuggling