Primary

Context

Adobe Experience Manager Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Adobe Experience Manager (AEM) Screens) versions through 11.6. This vulnerability allows low-privileged attackers to inject malicious scripts into vulnerable form fields. When a victim interacts with the page containing the compromised field, the injected JavaScript could be executed in their browser. Exploitation of this vulnerability requires user interaction, as the victim must open a malicious link.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution in the context of the victim's browser.

Remediation

Users are advised to update to Adobe Experience Manager (AEM) Screens version 6.5.22 Screens FP11.7. Release notes for this version are available on the Adobe Experience League website.

Added: Oct 14, 2025, 11:52 PM

Updated: Oct 14, 2025, 11:52 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Adobe Experience Manager Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating