Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2026-47977
5.4MEDIUM
What is CVE-2026-47977?
Adobe Experience Manager versions 6.5.24, LTS SP1, and 2026.04 and earlier are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This security issue enables low-privileged attackers to inject harmful JavaScript into unprotected form fields. If users access a page containing the compromised field, the injected script can execute in their browsers, potentially leading to unauthorized actions and data exposure.
Affected Version(s)
Adobe Experience Manager 0 <= 2026.04