DOM-based XSS Vulnerability in Adobe Experience Manager
CVE-2026-48268
5.4MEDIUM
What is CVE-2026-48268?
Adobe Experience Manager versions 6.5.24, LTS SP1, and 2026.04 and earlier are susceptible to a DOM-based Cross-Site Scripting vulnerability. This security flaw allows attackers to manipulate the Document Object Model (DOM) in a manner that permits the execution of malicious JavaScript code in the context of a victim's browser. This exploitation necessitates user interaction, as an individual must navigate to a specially crafted webpage to trigger the attack.
Affected Version(s)
Adobe Experience Manager 0 <= 2026.04