DOM-Based Cross-Site Scripting Vulnerability in Adobe Experience Manager
CVE-2026-48280

5.4MEDIUM

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-48280?

Adobe Experience Manager is vulnerable to a DOM-based Cross-Site Scripting (XSS) issue that allows attackers to exploit the vulnerable versions by injecting malicious JavaScript code. This type of attack relies on user interaction, meaning that a victim must access a specially crafted webpage for the exploit to be successful. Once the malicious script is executed in the victim's browser context, it can lead to unauthorized actions or data exposure.

Affected Version(s)

Adobe Experience Manager 0 <= 2026.04

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.