VDB
CVE-2025-54252
CVE-2025-54252
PUBLISHED
CVSS 5.400000095367432 MEDIUM
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.
EPSS 0.04% · 14.2th percentile
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.04%
14.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Adobe Experience Manager | 0 |
| adobe | experience_manager | 6.5, 0, 0 |
Timeline
- Apr 27, 2025 PoC Published
- Apr 27, 2025 PoC Published
- Apr 27, 2025 PoC Published
- Sep 9, 2025 Coalition ESS Score
- Sep 9, 2025 CVE Published
- Sep 10, 2025 EPSS Score
- Sep 10, 2025 PoC Published
- Sep 11, 2025 Coalition ESS Score
- Sep 12, 2025 Coalition ESS Score
- Sep 17, 2025 EPSS Score
- Sep 25, 2025 EPSS Score
- Oct 2, 2025 EPSS Score