CVE-2025-47087 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability allows a low privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM application. When a victim user visits a page containing the compromised form field, the injected script executes in their browser context. Stored XSS differs from reflected XSS in that the malicious payload is permanently stored on the server side, typically in a database or content repository, and served to multiple users, increasing the attack's reach and persistence. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity (C:L, I:L) but not availability (A:N). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability arises from insufficient input validation or output encoding in form fields, allowing script injection that can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim user within the AEM environment.

For European organizations using Adobe Experience Manager, this vulnerability poses a significant risk to web application security and user trust. A successful exploitation could lead to unauthorized access to sensitive information, including session tokens, personal data, or internal content managed via AEM. This can result in data breaches, reputational damage, and compliance violations under regulations such as GDPR. Since AEM is widely used by enterprises and public sector organizations across Europe for content management and digital experience delivery, the impact could be broad, affecting customer-facing websites, intranets, and portals. Attackers exploiting this vulnerability could impersonate legitimate users, manipulate content, or conduct phishing campaigns leveraging the trusted domain. The requirement for user interaction (victim visiting the malicious page) means social engineering or targeted phishing may be used to increase success rates. The medium severity score reflects moderate risk, but the potential for persistent compromise and data leakage makes it a critical concern for organizations with high-value or sensitive web assets.

1. Immediate mitigation should include reviewing and sanitizing all user input fields in Adobe Experience Manager forms to ensure proper input validation and output encoding, especially for HTML and JavaScript content. 2. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 3. Limit privileges of users who can submit content to reduce the risk from low privileged attackers. 4. Monitor web application logs for unusual input patterns or script injection attempts. 5. Educate users and administrators about the risks of clicking on untrusted links or submitting unverified content. 6. Apply any available vendor patches or updates as soon as Adobe releases them. 7. Use web application firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting AEM. 8. Conduct regular security assessments and penetration testing focused on input validation and XSS vulnerabilities in AEM deployments. 9. Review and harden AEM configurations to minimize exposure of vulnerable components and restrict access to administrative interfaces.