📦

experience_manager

Vendor: adobe

Login to add this product to WatchStack
Actively Exploited 1 CISA KEV List
PoC / Exploits 8 Code Available
Total RCEs 35 Remote Access
Total CVEs 1724 Total Indexed
Avg. EPSS 1.03% Exploit Prob.
Latest CVE CVE-2026-34694 Jun 09

Security Vulnerability Index

Page 26 / 173
8.8 CVSS
CVE-2025-34510

Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution.

EPSS: 9.31%
7.5 CVSS
CVE-2025-34509

Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

EPSS: 38.43%
5.4 CVSS
CVE-2025-47117

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

EPSS: 0.24%
5.4 CVSS
CVE-2025-47116

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

EPSS: 0.24%
5.4 CVSS
CVE-2025-47115

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

EPSS: 0.30%
5.4 CVSS
CVE-2025-47114

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

EPSS: 0.26%
5.4 CVSS
CVE-2025-47113

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

EPSS: 0.24%
3.5 CVSS
CVE-2025-47096

Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, allowing a low impact to the integrity of the component. Exploitation of this issue requires user interaction in that a victim must interact with the malicious content. Low privileges are required.

EPSS: 0.28%
6.1 CVSS
CVE-2025-47094

Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

EPSS: 0.26%
5.4 CVSS
CVE-2025-47093

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

EPSS: 0.22%