DOM-Based Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2026-47985

5.4MEDIUM

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-47985?

Adobe Experience Manager versions 6.5.24, LTS SP1, and 2026.04 and earlier are susceptible to a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to manipulate the Document Object Model (DOM) environment, potentially executing malicious JavaScript code within the victim's browser. Successful exploitation of this flaw necessitates user interaction, as the targeted user must visit a specially crafted webpage. Organizations using the affected versions should prioritize precautionary measures to mitigate the risk of exploitation.

Affected Version(s)

Adobe Experience Manager 0 <= 2026.04

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.