Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
https://helpx.adobe.com/security/products/experience-manager/apsb20-31.html