Adobe Experience Manager Forms JEE | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2026-34691

9.3CRITICAL

Key Information:

Vendor: Adobe
Status: Adobe Experience Manager Forms Jee
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-34691?

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.

Affected Version(s)

Adobe Experience Manager Forms JEE 0 <= 6.5.24.0

References

https://helpx.adobe.com/security/products/aem-forms/apsb2...

vendor-advisory

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34691 Data

JSON