SB2026060969 - Multiple vulnerabilities in Adobe Experience Manager
Published: June 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 57 vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2026-47982)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
2) Cross-site scripting (CVE-ID: CVE-2026-48258)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
3) Cross-site scripting (CVE-ID: CVE-2026-47983)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
4) Cross-site scripting (CVE-ID: CVE-2026-47985)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
5) Cross-site scripting (CVE-ID: CVE-2026-47986)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
6) Cross-site scripting (CVE-ID: CVE-2026-47987)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
7) Cross-site scripting (CVE-ID: CVE-2026-47989)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
8) Cross-site scripting (CVE-ID: CVE-2026-47990)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
9) Cross-site scripting (CVE-ID: CVE-2026-47993)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
10) Cross-site scripting (CVE-ID: CVE-2026-34692)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
11) Cross-site scripting (CVE-ID: CVE-2026-48250)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
12) Cross-site scripting (CVE-ID: CVE-2026-48251)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
13) Cross-site scripting (CVE-ID: CVE-2026-48256)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
14) Cross-site scripting (CVE-ID: CVE-2026-48264)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
15) Cross-site scripting (CVE-ID: CVE-2026-47981)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
16) Cross-site scripting (CVE-ID: CVE-2026-48265)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
17) Cross-site scripting (CVE-ID: CVE-2026-48266)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
18) Cross-site scripting (CVE-ID: CVE-2026-48268)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
19) Cross-site scripting (CVE-ID: CVE-2026-48271)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
20) Cross-site scripting (CVE-ID: CVE-2026-48280)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
21) Cross-site scripting (CVE-ID: CVE-2026-48297)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
22) Cross-site scripting (CVE-ID: CVE-2026-48299)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
23) Cross-site scripting (CVE-ID: CVE-2026-48300)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
24) Cross-site scripting (CVE-ID: CVE-2026-48301)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
25) Cross-site scripting (CVE-ID: CVE-2026-48304)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
26) Input validation error (CVE-ID: CVE-2026-47991)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security features.
The vulnerability exists due to improper input validation in Adobe Experience Manager when handling crafted input. A remote attacker can supply crafted input to bypass security features.
User interaction is required.
27) Input validation error (CVE-ID: CVE-2026-48288)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass security features.
The vulnerability exists due to improper input validation in Adobe Experience Manager when handling crafted input. A remote user can supply crafted input to bypass security features.
User interaction is required.
28) Cross-site scripting (CVE-ID: CVE-2026-47935)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
29) Cross-site scripting (CVE-ID: CVE-2026-47980)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
30) Cross-site scripting (CVE-ID: CVE-2026-47951)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
31) Cross-site scripting (CVE-ID: CVE-2026-47936)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
32) Cross-site scripting (CVE-ID: CVE-2026-47939)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
33) Cross-site scripting (CVE-ID: CVE-2026-47941)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
34) Cross-site scripting (CVE-ID: CVE-2026-47942)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
35) Cross-site scripting (CVE-ID: CVE-2026-47943)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
36) Cross-site scripting (CVE-ID: CVE-2026-47944)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
37) Cross-site scripting (CVE-ID: CVE-2026-47945)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
38) Cross-site scripting (CVE-ID: CVE-2026-47946)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
39) Cross-site scripting (CVE-ID: CVE-2026-47947)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
40) Cross-site scripting (CVE-ID: CVE-2026-47948)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
41) Cross-site scripting (CVE-ID: CVE-2026-47949)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
42) Cross-site scripting (CVE-ID: CVE-2026-47950)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
43) Cross-site scripting (CVE-ID: CVE-2026-47953)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
44) Cross-site scripting (CVE-ID: CVE-2026-47978)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
45) Cross-site scripting (CVE-ID: CVE-2026-47954)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
46) Cross-site scripting (CVE-ID: CVE-2026-47956)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
47) Cross-site scripting (CVE-ID: CVE-2026-47957)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
48) Cross-site scripting (CVE-ID: CVE-2026-47958)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
49) Cross-site scripting (CVE-ID: CVE-2026-47962)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
50) Cross-site scripting (CVE-ID: CVE-2026-47966)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
51) Cross-site scripting (CVE-ID: CVE-2026-47970)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
52) Cross-site scripting (CVE-ID: CVE-2026-47972)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
53) Cross-site scripting (CVE-ID: CVE-2026-47973)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
54) Cross-site scripting (CVE-ID: CVE-2026-47974)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
55) Cross-site scripting (CVE-ID: CVE-2026-47975)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
56) Cross-site scripting (CVE-ID: CVE-2026-47977)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Experience Manager when rendering crafted content. A remote user can inject malicious script to execute arbitrary code.
User interaction is required to load the crafted content.
57) Input validation error (CVE-ID: CVE-2026-48289)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass security features.
The vulnerability exists due to improper input validation in Adobe Experience Manager when handling crafted input. A remote user can supply crafted input to bypass security features.
User interaction is required.
Remediation
Install update from vendor's website.