DOM-Based Cross-Site Scripting Exposure in Adobe Experience Manager
CVE-2026-47993

5.4MEDIUM

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-47993?

The vulnerability in Adobe Experience Manager allows attackers to exploit a DOM-based Cross-Site Scripting (XSS) issue. By manipulating the DOM environment, an attacker can execute malicious JavaScript in the context of the user's browser. This exploitation necessitates user interaction, requiring the victim to visit a specially crafted webpage. The affected versions include Adobe Experience Manager 6.5.24 and earlier, highlighting the need for vigilance in securing web systems.

Affected Version(s)

Adobe Experience Manager 0 <= 2026.04

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.