Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2026-47956
5.4MEDIUM
What is CVE-2026-47956?
Adobe Experience Manager versions up to and including 6.5.24, LTS SP1, and 2026.04 have a vulnerability that could allow low-privileged attackers to exploit stored Cross-Site Scripting (XSS) issues. This allows them to inject malicious JavaScript code into vulnerable form fields. When users navigate to a page containing an affected field, the injected scripts could execute in their browsers, potentially compromising user data and session integrity.
Affected Version(s)
Adobe Experience Manager 0 <= 2026.04