Primary

Context

Adobe Experience Manager Screens Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Adobe Experience Manager (AEM) Screens) versions through 11.4. This vulnerability allows low-privileged attackers to inject malicious scripts into vulnerable form fields. When a victim views the page containing the affected field, the injected JavaScript could be executed in their browser, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on behalf of the user viewing the affected page.

Remediation

Users are advised to update to Adobe Experience Manager (AEM) Screens version 6.5.22 Screens FP11.6. Release notes for this update are available on the Adobe Experience League website.

Added: Jul 9, 2025, 12:14 AM

Updated: Jul 9, 2025, 12:14 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Adobe Experience Manager Screens Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating