Experience Manager
Sign in to watchby Adobe Inc.
CVEs (33)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-3108 | Cri | 0.65 | 9.8 | 0.10 | Aug 11, 2017 | Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | |
| CVE-2016-7885 | Hig | 0.57 | 8.8 | 0.01 | Dec 15, 2016 | Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks. | |
| CVE-2016-0957 | Hig | 0.56 | 7.5 | 0.93 | Feb 10, 2016 | Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. | |
| CVE-2016-0956 | Hig | 0.53 | 7.5 | 0.13 | Feb 10, 2016 | The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. | |
| CVE-2017-3111 | Hig | 0.50 | 7.5 | 0.10 | Dec 9, 2017 | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. | |
| CVE-2017-3110 | Hig | 0.50 | 7.5 | 0.10 | Aug 11, 2017 | Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. | |
| CVE-2017-3107 | Hig | 0.50 | 7.5 | 0.10 | Aug 11, 2017 | Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. | |
| CVE-2016-0958 | Hig | 0.49 | 7.5 | 0.01 | Feb 10, 2016 | Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. | |
| CVE-2017-3109 | Med | 0.40 | 6.1 | 0.01 | Dec 9, 2017 | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. | |
| CVE-2017-11296 | Med | 0.40 | 6.1 | 0.01 | Dec 9, 2017 | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | |
| CVE-2016-7884 | Med | 0.40 | 6.1 | 0.01 | Dec 15, 2016 | Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks. | |
| CVE-2016-7883 | Med | 0.40 | 6.1 | 0.01 | Dec 15, 2016 | Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks. | |
| CVE-2016-7882 | Med | 0.40 | 6.1 | 0.01 | Dec 15, 2016 | Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. | |
| CVE-2016-4170 | Med | 0.40 | 6.1 | 0.01 | Aug 9, 2016 | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2016-4168 | Med | 0.40 | 6.1 | 0.01 | Aug 9, 2016 | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2016-0955 | Med | 0.40 | 6.1 | 0.00 | Feb 10, 2016 | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | |
| CVE-2026-34625 | Med | 0.35 | 5.4 | 0.00 | Apr 14, 2026 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. | |
| CVE-2026-34624 | Med | 0.35 | 5.4 | 0.00 | Apr 14, 2026 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. | |
| CVE-2026-34623 | Med | 0.35 | 5.4 | 0.00 | Apr 14, 2026 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page. | |
| CVE-2026-27288 | Med | 0.35 | 5.4 | 0.00 | Apr 14, 2026 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. |