Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager Forms
CVE-2026-34694

4.8MEDIUM

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-34694?

Adobe Experience Manager Forms JEE versions LTS SP1 and 6.5.24.0, along with earlier versions, are susceptible to a stored Cross-Site Scripting vulnerability. This security issue allows high-privileged attackers to inject malicious JavaScript into vulnerable form fields. When users access a page containing the compromised field, the injected scripts can execute in their browsers, potentially leading to harmful consequences. It is crucial for users to apply the necessary updates and patches to prevent exploitation by malicious actors.

Affected Version(s)

Adobe Experience Manager Forms JEE 0 <= 6.5.24.0

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.