CVE-2025-46837 HIGH

CVE-2025-46837: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Vendor Adobe
Product Adobe Experience Manager
Weakness CWE-79 · XSS
Published June 10, 2025
Last update June 11, 2025
View on NVD All CVEs

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

Key dates

02Disclosure timeline

June 10, 2025 CVE published
June 11, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-64607 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-37981 WordPress Authors List Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS) CVE-2024-1496 Featured Image from URL (FIFU) <= 4.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url CVE-2025-41025 Stored Cross-Site Scripting in Poultry Farm Management System CVE-2023-47876 WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)