CVE-2026-48254
MEDIUM
5.4
CVSS 3.1
Description
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
Metadata
Severity & Metrics
5.4
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products (3)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Adobe | Adobe Experience Manager 6.5 | — | 0 ≤ 6.5.24, 6.5.25 - Hotfix for NPR-43972 |
| Adobe | Adobe Experience Manager 6.5 LTS | — | 0 ≤ SP1, SP2 - Hotfix for NPR-43972 |
| Adobe | Adobe Experience Manager as a Cloud Service | — | 0 ≤ 2026.5.0, 2026.6.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-79 | cna | Cross-site Scripting (DOM-based XSS) (CWE-79) |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.4 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |