Zero Day Monitor (ZDM)
CVE-2026-27223 (PATCHED), CVSS 5.4
adobe · experience_manager

Description

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Affected Products

Vendor | Product | Versions
adobe | experience_manager | < 6.5.24.0, < 2026.2.0

References

  • https://helpx.adobe.com/security/products/experience-manager/apsb26-24.html (Vendor Advisory)

CVSS 3.1: 5.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA KEV: No
Actively exploited: No
Patch available: 2026.2.0, 6.5.24.0
CWE: CWE-79
Published: 3/11/2026
Last enriched: 3d ago
Trending Score: 0
Source articles: 0
Independent: 0
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • CVE-2026-27309 (HIGH, EXP): Substance3D - Stager | Use After Free (CWE-416). Trending: 33
  • PRE-CVE: Multiple vulnerabilities in Adobe Creative Cloud applications. Trending: 20
  • CVE-2026-21314 (MEDIUM): Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive informati
  • CVE-2026-27217 (MEDIUM): Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabilit
  • CVE-2026-21352 (HIGH): DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 11, 2026
Patch Available: Mar 11, 2026
Discovered by ZDM: Mar 26, 2026