Adobe Adobe Based in San Jose, best known for creating Photoshop, Acrobat (PDF).

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Adobe product.

Products by Adobe Sorted by Most Security Vulnerabilities since 2018

Adobe Experience Manager658 vulnerabilities
Adobe Experience Manager (AEM), is a comprehensive content management solution for building websites, mobile apps and forms

Adobe Acrobat110 vulnerabilities
Application for working with PDF documents

Adobe ColdFusion105 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.

Adobe Commerce103 vulnerabilities

Adobe Magento79 vulnerabilities

Adobe Commerce69 vulnerabilities

Adobe Substance 3d Painter53 vulnerabilities

Adobe Animate51 vulnerabilities

Adobe InDesign45 vulnerabilities

Adobe Connect42 vulnerabilities

Adobe Illustrator37 vulnerabilities

Adobe Magento Open Source32 vulnerabilities

Adobe Framemaker24 vulnerabilities

Adobe Dimension23 vulnerabilities

Adobe Commerce B2b22 vulnerabilities

Adobe Bridge19 vulnerabilities

Adobe Photoshop15 vulnerabilities
Popular Photo Editing Software

Adobe After Effects15 vulnerabilities

Adobe Substance 3d Sampler14 vulnerabilities

Adobe Digital Editions12 vulnerabilities

Adobe Media Encoder12 vulnerabilities

Adobe Creative Cloud Desktop Application11 vulnerabilities
The desktop client for Adobe Creative Cloud

Adobe Substance 3d Stager11 vulnerabilities

Adobe Substance 3d Modeler9 vulnerabilities

Adobe Substance 3d Designer8 vulnerabilities

Adobe Audition7 vulnerabilities

Adobe Premiere Pro6 vulnerabilities

Adobe Incopy4 vulnerabilities

Adobe Acrobat Dc3 vulnerabilities

Adobe Acrobat Reader3 vulnerabilities

Adobe Acrobat Reader Dc3 vulnerabilities

Adobe Dreamweaver2 vulnerabilities

Adobe Photoshop Elements2 vulnerabilities

Adobe Lightroom2 vulnerabilities

Adobe Aero1 vulnerability

Adobe Pdf Library Sdk1 vulnerability

Recent Adobe Security Advisories

Advisory Title Published
APSB25-04 Security Updates Available for Adobe Illustrator Mobile - IOS | APSB25-04 January 14, 2025
APSB25-02 Security updates available for Adobe Photoshop | APSB25-02 January 14, 2025
APSB25-05 Security updates available for Adobe Animate | APSB25-05 January 14, 2025
APSB24-107 Security updates available for Adobe ColdFusion | APSB24-107 December 23, 2024
APSB24-101 Security updates available for Adobe Photoshop | APSB24-101 December 10, 2024
APSB24-94 Security Updates Available for Adobe Illustrator | APSB24-94 December 10, 2024
APSB24-96 Security updates available for Adobe Animate | APSB24-96 December 10, 2024
APSB24-93 Security Updates Available for Adobe Media Encoder | APSB24-93 December 10, 2024
APSB24-98 Security update available for Adobe DNG Software Development Kit (SDK) | APSB24-98 December 10, 2024
APSB24-69 Security updates available for Adobe Experience Manager | APSB24-69 December 10, 2024

Known Exploited Adobe Vulnerabilities

The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
CVE-2024-20767 Exploit Probability: 96.7%
December 16, 2024
Adobe Flash Player Double Free Vulnerablity Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0502 Exploit Probability: 35.0%
September 17, 2024
Adobe Flash Player Incorrect Default Permissions Vulnerability Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0643 Exploit Probability: 17.6%
September 17, 2024
Adobe Flash Player Code Execution Vulnerability Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0648 Exploit Probability: 17.6%
September 17, 2024
Adobe Flash Player Integer Underflow Vulnerablity Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0497 Exploit Probability: 97.1%
September 17, 2024
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
CVE-2024-34102 Exploit Probability: 14.8%
July 17, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
CVE-2023-38203 Exploit Probability: 32.6%
January 8, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
CVE-2023-29300 Exploit Probability: 39.8%
January 8, 2024
Adobe Acrobat and Reader Use-After-Free Vulnerability Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
CVE-2023-21608 Exploit Probability: 3.7%
October 10, 2023
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
CVE-2023-26369 Exploit Probability: 3.6%
September 14, 2023
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
CVE-2023-26359 Exploit Probability: 11.6%
August 21, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
CVE-2023-38205 Exploit Probability: 23.1%
July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
CVE-2023-29298 Exploit Probability: 97.2%
July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution.
CVE-2023-26360 Exploit Probability: 56.2%
March 15, 2023
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
CVE-2009-3953 Exploit Probability: 96.3%
June 8, 2022
Adobe Flash Player Memory Corruption Vulnerability Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service.
CVE-2010-1297 Exploit Probability: 86.5%
June 8, 2022
Adobe Acrobat and Reader Unspecified Vulnerability Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
CVE-2008-0655 Exploit Probability: 50.8%
June 8, 2022
Adobe Acrobat and Reader Double Free Vulnerability Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.
CVE-2018-4990 Exploit Probability: 8.8%
June 8, 2022
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service.
CVE-2009-1862 Exploit Probability: 64.1%
June 8, 2022
Adobe Acrobat and Reader Use-After-Free Vulnerability Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
CVE-2009-4324 Exploit Probability: 93.8%
June 8, 2022

Of the known exploited vulnerabilities above, 5 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 12 known exploited Adobe vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Adobe Vulnerabilities

Based on the current exploit probability, these Adobe vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2018-15961 97.4% Adobe ColdFusion Remote Code Execution
2 CVE-2009-0927 97.4% Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
3 CVE-2015-0313 97.3% Adobe Flash Player Use-After-Free Vulnerability
4 CVE-2015-0311 97.3% Adobe Flash Player Remote Code Execution Vulnerability
5 CVE-2016-4117 97.3% Adobe Flash Player Arbitrary Code Execution Vulnerability
6 CVE-2023-29298 97.2% Adobe ColdFusion Improper Access Control Vulnerability
7 CVE-2018-4878 97.2% Adobe Flash Player Use-After-Free vulnerability
8 CVE-2011-0609 97.1% Adobe Flash Player Unspecified Vulnerability
9 CVE-2018-15982 97.1% Adobe Flash Player Use-After-Free Vulnerability
10 CVE-2014-0497 97.1% Adobe Flash Player Integer Underflow Vulnerablity

By the Year

In 2025 there have been 5 vulnerabilities in Adobe with an average score of 7.8 out of ten. Last year, in 2024 Adobe had 743 security vulnerabilities published. Right now, Adobe is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 1.58.




Year Vulnerabilities Average Score
2025 5 7.80
2024 743 6.22
2023 590 6.29
2022 421 6.80
2021 317 6.80
2020 306 7.46
2019 41 7.63
2018 91 7.58

It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Security Vulnerabilities

Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability

CVE-2025-21135 7.8 - High - January 14, 2025

Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability

CVE-2025-21134 7.8 - High - January 14, 2025

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability

CVE-2025-21133 7.8 - High - January 14, 2025

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability

CVE-2025-21122 7.8 - High - January 14, 2025

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability

CVE-2025-21127 7.8 - High - January 14, 2025

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application.

DLL preloading

ColdFusion Path Traversal Vulnerability in File System Access

CVE-2024-53961 7.4 - High - December 23, 2024

ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data.

Directory traversal

ColdFusion Path Traversal Vulnerability in File System Access

CVE-2024-53961 7.4 - High - December 23, 2024

ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data.

Directory traversal

Adobe Acrobat Reader NULL Pointer Dereference Vulnerability

CVE-2023-21586 5.5 - Medium - December 19, 2024

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Substance3D Modeler Heap-based Buffer Overflow Vulnerability

CVE-2024-52999 7.8 - High - December 10, 2024

Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe Experience Manager Improper Input Validation Vulnerability

CVE-2024-43755 8.8 - High - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.

Improper Input Validation

Substance3D Modeler Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE-2024-53000 7.8 - High - December 10, 2024

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Substance3D Modeler Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE-2024-53001 7.8 - High - December 10, 2024

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Substance3D Modeler Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE-2024-53002 7.8 - High - December 10, 2024

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Substance3D Modeler Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE-2024-53003 7.8 - High - December 10, 2024

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Substance3D Modeler Out-of-Bounds Read Vulnerability

CVE-2024-53004 5.5 - Medium - December 10, 2024

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Substance3D Modeler Out-of-Bounds Read Vulnerability

CVE-2024-53005 5.5 - Medium - December 10, 2024

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Substance3D Modeler NULL Pointer Dereference Denial-of-Service Vulnerability

CVE-2024-53006 5.5 - Medium - December 10, 2024

Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Substance3D Modeler NULL Pointer Dereference Denial-of-Service Vulnerability

CVE-2024-52833 5.5 - Medium - December 10, 2024

Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Adobe Bridge Integer Underflow Arbitrary Code Execution Vulnerability

CVE-2024-53955 7.8 - High - December 10, 2024

Bridge versions 14.1.3, 15.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Adobe Framemaker Stack-based Buffer Overflow Vulnerability

CVE-2024-53959 7.8 - High - December 10, 2024

Adobe Framemaker versions 2020.7, 2022.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe Premiere Pro Heap-based Buffer Overflow Vulnerability

CVE-2024-53956 7.8 - High - December 10, 2024

Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE-2024-53958 7.8 - High - December 10, 2024

Substance3D - Painter versions 10.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Substance3D Painter Heap-based Buffer Overflow Vulnerability

CVE-2024-53957 7.8 - High - December 10, 2024

Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52865 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Improper Access Control Vulnerability

CVE-2024-43716 8.8 - High - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

Authorization

Adobe Experience Manager Improper Access Control Vulnerability

CVE-2024-43717 8.8 - High - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

Authorization

Adobe Experience Manager Improper Authorization Vulnerability

CVE-2024-43731 8.3 - High - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

AuthZ

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52864 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43712 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a user-controllable source is improperly sanitized before being used in the Document Object Model (DOM) of a web page, leading to the execution of malicious scripts. Exploitation of this issue requires user interaction, such as tricking a victim into clicking a link or navigating to a malicious website.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-53960 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43713 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated URL or page with the malicious script.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43714 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a vulnerable page.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43715 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43718 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43719 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43720 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, an attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43721 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43722 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43723 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or page.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43724 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. Exploitation of this issue requires user interaction.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43725 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43726 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43727 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43728 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Improper Authorization Vulnerability

CVE-2024-43729 8.8 - High - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a high impact on integrity. Exploitation of this issue does not require user interaction.

AuthZ

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43730 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43732 4.6 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43733 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43734 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Reflected Cross-Site Scripting (XSS) Vulnerability

CVE-2024-43735 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43736 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43737 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43738 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application and subsequently written to the web page without proper sanitization, allowing for the execution of unintended script code or the alteration of the intended user interface. User interaction is required as the victim must visit a malicious page or view a maliciously crafted link.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43739 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43740 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43742 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43743 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43744 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Reflected Cross-Site Scripting (XSS) Vulnerability

CVE-2024-43745 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43746 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43747 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43748 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43749 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43750 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43751 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-43752 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-43754 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52991 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52992 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52993 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52817 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52818 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-52822 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated URL or page with the malicious script.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-52823 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52824 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52825 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52826 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52827 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52828 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52829 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52830 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Improper Input Validation Arbitrary Code Execution Vulnerability

CVE-2024-52831 7.8 - High - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.

Improper Input Validation

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52832 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52834 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52835 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52836 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-52837 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input for the exploit to execute.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-52838 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-52839 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-52840 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input the malicious data themselves.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52841 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52842 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52843 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager DOM-based XSS Vulnerability

CVE-2024-52844 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52845 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52846 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52847 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52848 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52849 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager Stored XSS Vulnerability in Form Fields

CVE-2024-52850 5.4 - Medium - December 10, 2024

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.