wid-sec-w-2026-0667 · Published 2026-03-10 · View on BSI CERT-Bund ↗

Adobe Experience Manager: Multiple Vulnerabilities allow Cross-Site Scripting

CVSS 5.4 MEDIUM

Risk Summary

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVEs (33)

CVE-2026-27223 CVE-2026-27224 CVE-2026-27225 CVE-2026-27227 CVE-2026-27228 CVE-2026-27229 CVE-2026-27230 CVE-2026-27231 CVE-2026-27232 CVE-2026-27233 CVE-2026-27234 CVE-2026-27235 CVE-2026-27236 CVE-2026-27237 CVE-2026-27239 CVE-2026-27240 CVE-2026-27241 CVE-2026-27242 CVE-2026-27244 CVE-2026-27247 CVE-2026-27248 CVE-2026-27249 CVE-2026-27250 CVE-2026-27251 CVE-2026-27252 CVE-2026-27253 CVE-2026-27254 CVE-2026-27255 CVE-2026-27256 CVE-2026-27257 CVE-2026-27262 CVE-2026-27265 CVE-2026-27266

Affected Vendors

Adobe

Affected Products (6)

Adobe · Experience Manager <6.5 LTS Service Pack 2

Adobe · Experience Manager 6.5 LTS Service Pack 2

Adobe · Experience Manager Cloud Service <2026.02

Adobe · Experience Manager Cloud Service 2026.02

Adobe · Experience Manager <6.5 Service Pack 24

Adobe · Experience Manager 6.5 Service Pack 24

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more