Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2026-47954
5.4MEDIUM
What is CVE-2026-47954?
Adobe Experience Manager versions 6.5.24, LTS SP1, and 2026.04 and earlier are impacted by a stored Cross-Site Scripting vulnerability. This flaw allows low-privileged attackers to insert malicious scripts into form fields, leading to potential execution of harmful JavaScript in the browsers of users who visit the affected pages. Proper safeguards and updates are crucial to mitigate the risk associated with this vulnerability.
Affected Version(s)
Adobe Experience Manager 0 <= 2026.04