Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager Forms by Adobe
CVE-2026-34691

9.3CRITICAL

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-34691?

Adobe Experience Manager Forms JEE is susceptible to a stored Cross-Site Scripting (XSS) vulnerability, particularly affecting versions LTS SP1 and 6.5.24.0 or earlier. This vulnerability enables attackers to inject malicious scripts into form fields, which can be executed in users' browsers upon visiting affected pages. Such exploitation may grant unauthorized access to sensitive information or control over the user's session, highlighting the importance of addressing security flaws in form submissions.

Affected Version(s)

Adobe Experience Manager Forms JEE 0 <= 6.5.24.0

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.