CVE-2026-27239

MEDIUM WAF: High

CVSS 5.4 Published: 2026-03-11

CWE-79

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
adobe	experience_manager	up to 6.5.24.0
adobe	experience_manager	up to 2026.2.0
adobe	experience_manager	6.5
adobe	experience_manager	6.5

References

helpx.adobe.com (Vendor Advisory)

Back to CVE Database