VYPR

Experience Manager Forms

by Adobe Inc.

CVEs (11)

  • CVE-2026-34691CriJun 9, 2026
    risk 0.60cvss 9.3epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a…

  • CVE-2020-9734CriSep 10, 2020
    risk 0.59cvss 9.0epss 0.02

    The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a…

  • CVE-2026-34693HigJun 9, 2026
    risk 0.52cvss 8.0epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or…

  • CVE-2017-3067HigMay 9, 2017
    risk 0.49cvss 7.5epss 0.05

    Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.

  • CVE-2019-8089MedOct 22, 2019
    risk 0.40cvss 6.1epss 0.01

    Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-7129MedMay 29, 2019
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-19724MedJan 28, 2019
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2016-6934MedDec 15, 2016
    risk 0.40cvss 6.1epss 0.03

    Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.

  • CVE-2016-6933MedDec 15, 2016
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.

  • CVE-2026-34694MedJun 9, 2026
    risk 0.38cvss 5.9epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be…

  • CVE-2020-24444MedDec 10, 2020
    risk 0.38cvss 5.8epss 0.02

    AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information…