VYPR

Experience Manager

by Adobe Inc.

CVEs (1,157)

  • CVE-2018-12807MedAug 29, 2018
    risk 0.35cvss 5.3epss 0.05

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification.

  • CVE-2016-4253MedAug 9, 2016
    risk 0.35cvss 5.3epss 0.03

    The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4169MedAug 9, 2016
    risk 0.35cvss 5.3epss 0.03

    Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.

  • CVE-2026-47991MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.00

    Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site.…

  • CVE-2026-48289LowJun 9, 2026
    risk 0.23cvss 3.5epss 0.00

    Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain…

  • CVE-2026-48288LowJun 9, 2026
    risk 0.23cvss 3.5epss 0.00

    Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain…

  • CVE-2025-54253KEVAug 5, 2025
    risk 0.14cvss epss 0.90

    Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not…

  • CVE-2025-53690KEVSep 3, 2025
    risk 0.12cvss epss 0.26

    Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

  • CVE-2025-49533Jul 8, 2025
    risk 0.06cvss epss 0.45

    Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged.

  • CVE-2019-16469Jan 15, 2020
    risk 0.06cvss epss 0.17

    Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-8086Oct 25, 2019
    risk 0.04cvss epss 0.24

    Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-7964Aug 16, 2019
    risk 0.04cvss epss 0.10

    Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.

  • CVE-2025-54251Sep 9, 2025
    risk 0.01cvss epss 0.02

    Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access.

  • CVE-2024-49524Nov 7, 2024
    risk 0.01cvss epss 0.00

    Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a…

  • CVE-2024-36230Jun 13, 2024
    risk 0.01cvss epss 0.00

    Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue…

  • CVE-2024-36220Jun 13, 2024
    risk 0.01cvss epss 0.00

    Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this…

  • CVE-2024-36231Jun 13, 2024
    risk 0.01cvss epss 0.00

    Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this…

  • CVE-2024-36235Jun 13, 2024
    risk 0.01cvss epss 0.00

    Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue…

  • CVE-2020-9651Jun 12, 2020
    risk 0.01cvss epss 0.02

    Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

  • CVE-2020-9647Jun 12, 2020
    risk 0.01cvss epss 0.02

    Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

Page 6 of 58