CVE-2026-48268NVD

Vulnerability Summary

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.

Severity Level

MEDIUM(5.4)

Published Date

Jun 9, 2026

Last Modified

Jun 10, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.03%Probability

Root Weakness (CWE)

CWE-79: Cross-site Scripting (XSS) ↗

The software does not neutralize user-controllable input before it is placed in output that is used as a web page.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionRequired

ScopeChanged

ConfidentialityLow

IntegrityLow

AvailabilityNone

External References

https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html

Critical Alert

CVE Watchtower

CVE-2026-48268NVD

Vulnerability Summary

External References