Adobe Experience Manager Forms — known CVE vulnerabilities
Every CVE whose affected-product data names Adobe Experience Manager Forms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2020-9732 — CVSS 9.0 (critical): The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users…
CVE-2025-54254 — CVSS 8.6 (high): Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE')…
CVE-2020-9733 — CVSS 7.5 (high): An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service…
CVE-2017-3067 — CVSS 7.5 (high): Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the…
CVE-2019-8089 — CVSS 6.1 (medium): Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to…
CVE-2019-7129 — CVSS 6.1 (medium): Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could…
CVE-2016-6934 — CVSS 6.1 (medium): Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin…