Stored XSS Vulnerability in Adobe Experience Manager Products
CVE-2026-27266
5.4MEDIUM
What is CVE-2026-27266?
Adobe Experience Manager versions up to 6.5.23 are susceptible to a stored Cross-Site Scripting (XSS) vulnerability, enabling low-privileged attackers to inject harmful scripts into form fields. When a user accesses a page containing these compromised fields, the malicious JavaScript can execute in their browser, potentially compromising user data and website integrity.
Affected Version(s)
Adobe Experience Manager 0 <= 6.5.23