CVE-2025-46856 MEDIUM

CVE-2025-46856: Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Vendor Adobe
Product Adobe Experience Manager
Weakness CWE-79 · XSS
Published August 20, 2025
Last update August 20, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page.

Key dates

02Disclosure timeline

August 20, 2025 CVE published
August 20, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-31608 WordPress CookieHint WP plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability CVE-2021-25101 Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting CVE-2026-2281 Private Comment <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting CVE-2021-41134 Stored XSS in Jupyter nbdime CVE-2026-8872 Animate Your Content <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes