DOM-based Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2025-64887
5.4MEDIUM
What is CVE-2025-64887?
Adobe Experience Manager versions 6.5.23 and earlier are susceptible to a DOM-based Cross-Site Scripting (XSS) vulnerability. This issue enables low privileged attackers to inject and execute malicious scripts within the browser context of unsuspecting users. Exploiting this vulnerability necessitates user interaction, such as clicking on a crafted URL or engaging with a compromised web page. This poses a risk to user data and application security.
Affected Version(s)
Adobe Experience Manager 0 <= 6.5.23