CVE-2025-46837 – Adobe Experience Manager Reflected Cross-Site Scripting Vulnerability

June 10, 2025

CVE ID : CVE-2025-46837

Published : June 10, 2025, 11:15 p.m. | 44 minutes ago

Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46840 – Adobe Experience Manager Privilege Escalation Improper Authorization

Next Article “I want to give players something new”: The Outer Worlds 2 game director says the sequel will have a “darker tone,” and I’m all for it

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-46837 – Adobe Experience Manager Reflected Cross-Site Scripting Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Paragon Spyware used to Spy on European Journalists

RL^V: Unifying Reasoning and Verification in Language Models through Value-Free Reinforcement Learning

Surface Pro 12-inch vs. iPad Air M3: Which should you choose?

CVE-2025-5052 – FreeFloat FTP Server LS Command Handler Buffer Overflow Vulnerability

Xbox Games Showcase 2025 revealed for June 8, 2025: Outer Worlds 2 deep dive confirmed, as Xbox gears up for the future

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

The Nose-Man

CVE-2025-47641 – Printcart Web to Print Product Designer for WooCommerce Unrestricted File Upload Vulnerability

New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

CVE-2025-46837 – Adobe Experience Manager Reflected Cross-Site Scripting Vulnerability

Related Posts