Adobe Marketing Cloud
Products
3- 6 CVEs
- 4 CVEs
- 1 CVE
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12809 | Hig | 0.49 | 7.5 | 0.05 | Jul 20, 2018 | Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||
| CVE-2016-6933 | Med | 0.40 | 6.1 | 0.02 | Dec 15, 2016 | Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. | ||
| CVE-2025-64583 | 0.00 | — | 0.00 | Dec 10, 2025 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires… | |||
| CVE-2025-64820 | 0.00 | — | 0.00 | Dec 10, 2025 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s… | |||
| CVE-2025-64549 | 0.00 | — | 0.00 | Dec 10, 2025 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s… | |||
| CVE-2025-64551 | 0.00 | — | 0.00 | Dec 10, 2025 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires… | |||
| CVE-2024-26084 | 0.00 | — | 0.01 | Apr 10, 2024 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when… | |||
| CVE-2023-51460 | 0.00 | — | 0.00 | Dec 20, 2023 | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s… | |||
| CVE-2020-14989 | 0.00 | — | 0.01 | Mar 11, 2021 | An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended. | |||
| CVE-2020-14988 | 0.00 | — | 0.01 | Mar 11, 2021 | An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via… | |||
| CVE-2020-14987 | 0.00 | — | 0.04 | Mar 11, 2021 | An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker… |
- risk 0.49cvss 7.5epss 0.05
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
- risk 0.40cvss 6.1epss 0.02
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.
- CVE-2025-64583Dec 10, 2025risk 0.00cvss —epss 0.00
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires…
- CVE-2025-64820Dec 10, 2025risk 0.00cvss —epss 0.00
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s…
- CVE-2025-64549Dec 10, 2025risk 0.00cvss —epss 0.00
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s…
- CVE-2025-64551Dec 10, 2025risk 0.00cvss —epss 0.00
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires…
- CVE-2024-26084Apr 10, 2024risk 0.00cvss —epss 0.01
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when…
- CVE-2023-51460Dec 20, 2023risk 0.00cvss —epss 0.00
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s…
- CVE-2020-14989Mar 11, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.
- CVE-2020-14988Mar 11, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via…
- CVE-2020-14987Mar 11, 2021risk 0.00cvss —epss 0.04
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker…