DOM-based Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2024-53968

5.4MEDIUM

Key Information:

Vendor: Adobe
Status: Adobe Experience Manager
Vendor: CVE Published:; 19 March 2025

Summary

Adobe Experience Manager versions 6.5.21 and earlier are susceptible to a DOM-based Cross-Site Scripting (XSS) vulnerability. This issue allows low privileged attackers to manipulate the Document Object Model (DOM) in a victim's browser session. By injecting malicious scripts through user interaction—typically via a malicious link—attackers can execute arbitrary code within the context of the victim's session. Addressing this vulnerability is crucial to preventing potential exploitation and safeguarding user information.

Affected Version(s)

Adobe Experience Manager 0 <= 6.5.21

References

https://helpx.adobe.com/security/products/experience-mana...

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 19, 2025
Vulnerability Reserved
Nov 25, 2024