Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2025-46993

5.4MEDIUM

Key Information:

Vendor

Adobe

Vendor
CVE Published:
24 July 2025

What is CVE-2025-46993?

A vulnerability exists in Adobe Experience Manager that allows low privileged attackers to inject malicious scripts into vulnerable form fields. This stored Cross-Site Scripting (XSS) flaw can lead to the execution of harmful JavaScript code in the browsers of users who access pages containing compromised fields, potentially compromising sensitive information.

Affected Version(s)

Adobe Experience Manager 0 <= 6.5.22

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-46993 : Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager