Unrated severityNVD Advisory· Published Oct 14, 2025· Updated Oct 15, 2025
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-54272
Description
Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed.
Affected products
2<=11.6+ 1 more
- (no CPE)range: <=11.6
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1- helpx.adobe.com/security/products/aem-screens/apsb25-98.htmlmitrevendor-advisory
News mentions
0No linked articles in our index yet.