Primary

Context

Adobe Experience Manager Screens Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Adobe Experience Manager (AEM) Screens) versions 11.4 and earlier. This vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim views the page containing the affected field, the injected JavaScript could be executed in their browser, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability could result in arbitrary code execution, as the injected scripts would be executed in the context of the victim's browser.

Remediation

Users are advised to update to Adobe Experience Manager (AEM) Screens version 6.5.22 Screens FP11.6. Release notes for this version are available on the Adobe Experience League website.

Added: Jul 9, 2025, 12:13 AM

Updated: Jul 9, 2025, 12:13 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Adobe Experience Manager Screens Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating