CVE-2026-34624
Severity: MEDIUM
WAF: High
CVSS 5.4
Published: 2026-04-14
CWE-79
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage.
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| adobe | experience_manager | up to 6.5.24.0 |
| adobe | experience_manager_screens | up to 6.5.11.8 |
References
- helpx.adobe.com (Vendor Advisory)