CVE-2026-48261
Undergoing Analysis Undergoing Analysis - In Progress

BaseFortify

Vulnerability report for CVE-2026-48261, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Adobe Systems Incorporated

Description

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-07-15
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
adobe experience_manager *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-48261 is a DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager. DOM-based XSS occurs when a web application writes user-provided data to the Document Object Model (DOM) without proper sanitization, allowing attackers to manipulate the DOM environment.

In this case, an attacker could craft a malicious webpage or input that alters the DOM in a way that executes arbitrary JavaScript code in the victim's browser. The exploitation requires user interaction, meaning the victim must visit the attacker's crafted webpage or interact with a malicious link.

The scope of this vulnerability is marked as changed, indicating that the impact extends beyond the vulnerable component itself, potentially affecting other parts of the application or system.

Impact Analysis

If you are a user of Adobe Experience Manager, this vulnerability could have several impacts:

  • An attacker could execute malicious JavaScript in your browser, potentially stealing sensitive information such as session cookies, authentication tokens, or personal data.
  • The attacker could perform actions on your behalf within the affected application, such as modifying settings, submitting forms, or accessing restricted data.
  • If the vulnerability is exploited, it could lead to a loss of confidentiality and integrity of your data, as well as potential reputational damage if sensitive information is exposed.

For organizations using Adobe Experience Manager, this vulnerability could result in unauthorized access to internal systems, data breaches, or further attacks targeting other users or systems within the network.

Compliance Impact

This vulnerability could impact compliance with several common standards and regulations, depending on the context in which Adobe Experience Manager is used:

  • GDPR (General Data Protection Regulation): If the vulnerability leads to unauthorized access or exposure of personal data of EU citizens, it could result in a violation of GDPR. Organizations may face significant fines and be required to notify affected individuals and authorities.
  • HIPAA (Health Insurance Portability and Accountability Act): If Adobe Experience Manager is used to handle protected health information (PHI) in a healthcare setting, exploitation of this vulnerability could lead to unauthorized access to PHI, violating HIPAA's privacy and security rules. This could result in penalties and legal consequences.
  • PCI DSS (Payment Card Industry Data Security Standard): If the application processes payment card information, a successful exploit could lead to unauthorized access to cardholder data, violating PCI DSS requirements and potentially resulting in fines or loss of payment processing capabilities.

Organizations should assess the potential impact of this vulnerability on their compliance obligations and take appropriate measures to mitigate the risk, such as applying patches, implementing additional security controls, or conducting audits.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48261. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart