Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2026-27240
5.4MEDIUM
What is CVE-2026-27240?
Adobe Experience Manager versions 6.5.23 and earlier are subject to a stored Cross-Site Scripting (XSS) vulnerability. This flaw allows low-privileged attackers to inject malicious scripts into vulnerable form fields. When users interact with affected pages, the injected JavaScript can execute within their browsers, posing a significant security risk. It is crucial for organizations using affected versions to apply the necessary updates and mitigate the potential exploitation of this vulnerability.
Affected Version(s)
Adobe Experience Manager 0 <= 6.5.23