CVE-2025-46959

Published Jul 16, 2025

Last updated a day ago

CVSS medium 5.4

Overview

Description
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page.
Source
psirt@adobe.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

psirt@adobe.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-46959 DOM-Based Cross-Site Scripting Vulnerability in Adobe Experience Manager... https://t.co/r5NE6auNhn Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    16 Jul 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.