VYPR

Experience Manager

by Adobe Inc.

CVEs (1,157)

  • CVE-2017-3108CriAug 11, 2017
    risk 0.64cvss 9.8epss 0.09

    Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.

  • CVE-2026-34691CriJun 9, 2026
    risk 0.60cvss 9.3epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a…

  • CVE-2016-7885HigDec 15, 2016
    risk 0.57cvss 8.8epss 0.03

    Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.

  • CVE-2016-0956HigFeb 10, 2016
    risk 0.55cvss 7.5epss 0.46

    The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2018-5006HigJul 20, 2018
    risk 0.53cvss 7.5epss 0.54

    Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2016-0957HigFeb 10, 2016
    risk 0.53cvss 7.5epss 0.51

    Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

  • CVE-2026-34693HigJun 9, 2026
    risk 0.52cvss 8.0epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or…

  • CVE-2018-5004HigJul 20, 2018
    risk 0.49cvss 7.5epss 0.04

    Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-12809HigJul 20, 2018
    risk 0.49cvss 7.5epss 0.05

    Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2017-3111HigDec 9, 2017
    risk 0.49cvss 7.5epss 0.07

    An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.

  • CVE-2017-3110HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.05

    Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.

  • CVE-2017-3107HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.07

    Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.

  • CVE-2016-0958HigFeb 10, 2016
    risk 0.49cvss 7.5epss 0.04

    Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.

  • CVE-2025-53692HigSep 21, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS).This issue affects Sitecore Experience Manager (XM): from…

  • CVE-2018-5005MedSep 6, 2018
    risk 0.40cvss 6.1epss 0.04

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-12806MedAug 29, 2018
    risk 0.40cvss 6.1epss 0.04

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-4931MedMay 19, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-4930MedMay 19, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-4929MedMay 19, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-4876MedFeb 27, 2018
    risk 0.40cvss 6.1epss 0.05

    Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.

Page 1 of 58