CVE-2023-29304 MEDIUM

CVE-2023-29304: Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Vendor Adobe

Product Adobe Experience Manager

Weakness CWE-79 · XSS

Published June 15, 2023

Last update March 5, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

June 15, 2023 CVE published

March 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-29304

Related vulnerabilities

04Related CVE

CVE-2024-12505 Trackserver <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-43921 WordPress Generate Images – Magic Post Thumbnail plugin <= 5.2.9 - Cross Site Scripting (XSS) vulnerability CVE-2025-28878 WordPress Awesome Surveys plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability CVE-2025-52462 CVE-2024-48023 WordPress Restaurant Reservations Widget plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability