Adobe Experience Manager 6.5.x FP11.7 DOM XSS
CVE-2026-34625 Published on April 14, 2026

Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-34625 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2026-34625 has been classified to as a XSS vulnerability or weakness.


Products Associated with CVE-2026-34625

stack.watch emails you whenever new vulnerabilities are published in Adobe Experience Manager or Adobe Experience Manager Screens. Just hit a watch button to start following.

Adobe Experience Manager
 
Adobe Experience Manager Screens
 

Affected Versions

Adobe Experience Manager: