CVE-2023-51463 MEDIUM

CVE-2023-51463: Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Vendor Adobe
Product Adobe Experience Manager
Weakness CWE-79 · XSS
Published January 18, 2024
Last update June 17, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

January 18, 2024 CVE published
June 17, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-51498 [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance CVE-2026-0533 Stored XSS in Fusion desktop when attempting to delete a file CVE-2024-2266 keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting CVE-2021-42363 Preview E-Mails for WooCommerce <= 1.6.8 Reflected Cross-Site Scripting CVE-2025-49410 WordPress TC Testimonials plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability