Severity
Medium
Analysis Summary
CVE-2025-47090 CVSS:5.4
Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47091 CVSS:5.4
Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47092 CVSS:5.4
Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47093 CVSS:5.4
Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47094 CVSS:5.4
Adobe Experience Manager versions are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2025-47082 CVSS:5.4
Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47083 CVSS:5.4
Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47084 CVSS:5.4
Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2025-47090
- CVE-2025-47091
- CVE-2025-47092
- CVE-2025-47093
- CVE-2025-47094
- CVE-2025-47082
- CVE-2025-47083
- CVE-2025-47084
Affected Vendors
- Adobe
Affected Products
- Adobe Experience Manager - 6.5.22
Remediation
Refer to the Adobe Security Advisory for patch, upgrade, or suggested workaround information.