SB2026041780 - Multiple XSS vulnerabilities in Adobe Experience Manager Screens

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Cross-site scripting (CVE-ID: CVE-2026-27288)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to cross-site scripting in Adobe Experience Manager Screens when processing stored content. A remote user can inject a malicious script to execute arbitrary code.

User interaction is required.

2) Cross-site scripting (CVE-ID: CVE-2026-34623)

The vulnerability allows a remote user to escalate privileges.

The vulnerability exists due to cross-site scripting in Adobe Experience Manager Screens when processing DOM-based content. A remote user can inject a malicious script to escalate privileges.

User interaction is required.

3) Cross-site scripting (CVE-ID: CVE-2026-34624)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to cross-site scripting in Adobe Experience Manager Screens when processing DOM-based content. A remote user can inject a malicious script to execute arbitrary code.

User interaction is required.

4) Cross-site scripting (CVE-ID: CVE-2026-34625)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to cross-site scripting in Adobe Experience Manager Screens when processing DOM-based content. A remote user can inject a malicious script to execute arbitrary code.

User interaction is required.

Remediation

Install update from vendor's website.

References

• https://helpx.adobe.com/security/products/aem-screens/apsb26-34.html
• https://helpx.adobe.com/security/products/experience-manager/apsb26-34.html