EUVD-2026-22665

| CVE-2026-27288 MEDIUM

2026-04-14 [email protected]

GHSA-m4p2-m73g-c9h4

XSS Adobe

5.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Apr 14, 2026 - 19:43 vuln.today

DescriptionNVD

Adobe Experience Manager versions FP11.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

AnalysisAI

Stored Cross-Site Scripting in Adobe Experience Manager versions FP11.7 and earlier allows authenticated attackers to inject malicious JavaScript into form fields, which executes in victims' browsers with limited impact (confidentiality and integrity). The vulnerability requires user interaction (victim must view the affected page) and authenticated access, resulting in a CVSS 5.4 (medium) score. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-22665 vulnerability details – vuln.today

Back