📦

experience_manager

Vendor: adobe

Login to add this product to WatchStack
Actively Exploited 1 CISA KEV List
PoC / Exploits 8 Code Available
Total RCEs 35 Remote Access
Total CVEs 1724 Total Indexed
Avg. EPSS 1.03% Exploit Prob.
Latest CVE CVE-2026-34694 Jun 09

Security Vulnerability Index

Page 23 / 173
5.4 CVSS
CVE-2025-54252

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.

EPSS: 4.62%
4.3 CVSS
CVE-2025-54251

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access.

EPSS: 1.61%
4.9 CVSS
CVE-2025-54250

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access.

EPSS: 0.40%
6.5 CVSS
CVE-2025-54249

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side requests and bypass security controls allowing unauthorized read access.

EPSS: 1.81%
7.7 CVSS
CVE-2025-54248

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Scope is changed

EPSS: 5.25%
6.5 CVSS
CVE-2025-54247

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access.

EPSS: 0.44%
6.5 CVSS
CVE-2025-54246

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access.

EPSS: 0.38%
9.0 CVSS
CVE-2025-53690
RCE Exploit Found

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

EPSS: 26.31%
7.5 CVSS
CVE-2025-53694
Exploit Found

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.

EPSS: 5.34%
9.8 CVSS
CVE-2025-53693
Exploit Found

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.

EPSS: 13.78%