Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Adobe |
|
Configuration 1 [-]
|
No data.
References
History
Fri, 19 Sep 2025 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:adobe:experience_manager:-:*:*:*:aem_cloud_service:*:*:* |
Mon, 25 Nov 2024 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 07 Oct 2024 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | AMS XSS - /libs/fd/af/components/guidecheckbox/widget.jsp (retest 6.5.18 - 2090066 new issue) | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2023-12-15T10:17:26.906Z
Updated: 2024-11-25T20:54:42.248Z
Reserved: 2023-10-30T16:23:27.887Z
Link: CVE-2023-47064
Vulnrichment
Updated: 2024-08-02T21:01:22.658Z
NVD
Status : Modified
Published: 2023-12-15T11:15:09.817
Modified: 2025-09-19T17:19:39.570
Link: CVE-2023-47064
Redhat
No data.