CVE-2024-26032 MEDIUM

CVE-2024-26032: Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Vendor Adobe
Product Adobe Experience Manager
Weakness CWE-79 · XSS
Published March 18, 2024
Last update October 7, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser. Exploitation of this issue requires user interaction.

Key dates

02Disclosure timeline

March 18, 2024 CVE published
October 7, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-0450 Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS CVE-2021-32544 Intelligent global technology Ltd, igt+ - DOM-based Cross-Site Scripting CVE-2024-11182 Stored XSS vulnerability in MDaemon Email Server CVE-2024-13143 ZeroWdd studentmanager PermissionController. java submitAddPermission cross site scripting CVE-2025-25098 WordPress Links in Captions plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability