Adobe Experience Manager XSS

MEDIUM (5.4) No Patch (4 days)
cwe-79adobeexperience-managervulnerability-typeweb-content-managementxss

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 8%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

Adobe Experience Manager is a web content management system used by organizations to manage and publish their websites. This vulnerability allows attackers to inject malicious scripts into vulnerable form fields, which can be executed in a victim's browser when they browse to the page containing the field.

Am I affected?

Affected versions: 6.5.23

Affected Products

Adobe Inc. / Adobe Experience Manager

How to fix

  1. Upgrade to Adobe Experience Manager 6.5.24 or later from the official Adobe website: https://www.adobe.com/go/sem
  2. Immediate mitigations:
  3. Restrict network access to your AEM instance (firewall it from the public internet)
  4. Audit admin account activity for suspicious access patterns
  5. Monitor for unauthorized token creation

References