Experience Manager
by Adobe Inc.
CVEs (1,157)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3108 | | Critical | 0.64 | 9.8 | 0.09 | | Aug 11, 2017 | Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. |
| CVE-2026-34691 | | Critical | 0.60 | 9.3 | 0.00 | | Jun 9, 2026 | Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a… |
| CVE-2016-7885 | | High | 0.57 | 8.8 | 0.03 | | Dec 15, 2016 | Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks. |
| CVE-2016-0956 | | High | 0.55 | 7.5 | 0.46 | | Feb 10, 2016 | The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2018-5006 | | High | 0.53 | 7.5 | 0.54 | | Jul 20, 2018 | Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2016-0957 | | High | 0.53 | 7.5 | 0.51 | | Feb 10, 2016 | Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. |
| CVE-2026-34693 | | High | 0.52 | 8.0 | 0.00 | | Jun 9, 2026 | Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or… |
| CVE-2018-5004 | | High | 0.49 | 7.5 | 0.04 | | Jul 20, 2018 | Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-12809 | | High | 0.49 | 7.5 | 0.05 | | Jul 20, 2018 | Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2017-3111 | | High | 0.49 | 7.5 | 0.07 | | Dec 9, 2017 | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. |
| CVE-2017-3110 | | High | 0.49 | 7.5 | 0.05 | | Aug 11, 2017 | Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. |
| CVE-2017-3107 | | High | 0.49 | 7.5 | 0.07 | | Aug 11, 2017 | Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. |
| CVE-2016-0958 | | High | 0.49 | 7.5 | 0.04 | | Feb 10, 2016 | Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. |
| CVE-2025-53692 | | High | 0.46 | 7.1 | 0.00 | | Sep 21, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS). This issue affects Sitecore Experience Manager (XM): from… |
| CVE-2018-5005 | | Medium | 0.40 | 6.1 | 0.04 | | Sep 6, 2018 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-12806 | | Medium | 0.40 | 6.1 | 0.04 | | Aug 29, 2018 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-4931 | | Medium | 0.40 | 6.1 | 0.02 | | May 19, 2018 | Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-4930 | | Medium | 0.40 | 6.1 | 0.02 | | May 19, 2018 | Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-4929 | | Medium | 0.40 | 6.1 | 0.02 | | May 19, 2018 | Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-4876 | | Medium | 0.40 | 6.1 | 0.05 | | Feb 27, 2018 | Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function. |
Page 1 of 58