Adobe Adobe Based in San Jose, best known for creating Photoshop, Acrobat (PDF).

Do you want an email whenever new security vulnerabilities are reported in any Adobe product?

Products by Adobe Sorted by Most Security Vulnerabilities since 2018

Adobe 930 vulnerabilities

Adobe Experience Manager345 vulnerabilities
Adobe Experience Manager (AEM), is a comprehensive content management solution for building websites, mobile apps and forms

Adobe ColdFusion91 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.

Adobe Acrobat Dc57 vulnerabilities

Adobe Acrobat Reader Dc56 vulnerabilities

Adobe Commerce47 vulnerabilities

Adobe Acrobat Reader43 vulnerabilities

Adobe Acrobat42 vulnerabilities
Application for working with PDF documents

Adobe Magento Open Source32 vulnerabilities

Adobe Substance 3d Painter23 vulnerabilities

Adobe Magento23 vulnerabilities

Adobe Commerce23 vulnerabilities

Adobe Connect20 vulnerabilities

Adobe Xmp Toolkit Sdk16 vulnerabilities

Adobe Air15 vulnerabilities

Adobe Dimension15 vulnerabilities

Adobe Air Sdk13 vulnerabilities

Adobe Digital Editions12 vulnerabilities

Adobe Framemaker10 vulnerabilities

Adobe Animate8 vulnerabilities

Adobe Bridge6 vulnerabilities

Adobe Creative Cloud6 vulnerabilities

Adobe Substance 3d Sampler6 vulnerabilities

Adobe Substance 3d Designer5 vulnerabilities

Adobe Premiere Rush5 vulnerabilities

Adobe Air4 vulnerabilities

Adobe Illustrator4 vulnerabilities

Adobe After Effects2 vulnerabilities

Adobe Css Tools2 vulnerabilities

Adobe Photoshop Elements2 vulnerabilities

Adobe Incopy2 vulnerabilities

Adobe Photoshop2 vulnerabilities

Adobe Magento Commerce2 vulnerabilities

Adobe Premiere Elements1 vulnerability

Adobe Premiere Pro Cc1 vulnerability

Adobe Push Notifications1 vulnerability

Adobe Robohelp1 vulnerability

Adobe Robohelp Server1 vulnerability

Adobe Shockwave Player1 vulnerability

Adobe Acs Aem Commons1 vulnerability

Adobe Prelude Cc1 vulnerability

Adobe Photoshop CC1 vulnerability
Popular Photo Editing Software

Adobe Ops Cli1 vulnerability

Adobe Media Encoder1 vulnerability

Adobe Livecycle Es41 vulnerability

Adobe Download Manager1 vulnerability

Adobe Director1 vulnerability

Adobe Air Sdk1 vulnerability

Adobe Character Animator1 vulnerability

Adobe Captivate1 vulnerability

Adobe Application Manager1 vulnerability

Recent Adobe Security Advisories

Advisory Title Published
APSB24-03 Security Updates Available for Adobe Commerce | APSB24-03 February 13, 2024
APSB24-07 Prenotification Security Advisory for Adobe Acrobat and Reader  | APSB24-07 February 13, 2024
APSB24-11 Security Updates Available for Adobe Audition | APSB24-11 February 13, 2024
APSB24-10 Security Updates Available for Adobe Framemaker | APSB24-10 February 13, 2024
APSB23-77 Security updates available for Adobe Experience Manager | APSB23-77 December 15, 2023
APSB23-68 Security Updates Available for Adobe Illustrator | APSB23-68 December 12, 2023
APSB23-70 Security Update Available for Adobe InDesign | APSB23-70 December 12, 2023
APSB23-72 Security updates available for Adobe Experience Manager | APSB23-72 December 12, 2023
APSB23-71 Security updates available for Adobe Dimension | APSB23-71 December 12, 2023
APSB23-67 Security Updates Available for Adobe Prelude | APSB23-67 December 12, 2023

Known Exploited Adobe Vulnerabilities

The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. CVE-2023-29300 January 8, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. CVE-2023-38203 January 8, 2024
Adobe Acrobat and Reader Use-After-Free Vulnerability Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. CVE-2023-21608 October 10, 2023
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. CVE-2023-26369 September 14, 2023
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. CVE-2023-26359 August 21, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. CVE-2023-38205 July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. CVE-2023-29298 July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution. CVE-2023-26360 March 15, 2023
Adobe Acrobat and Reader Unspecified Vulnerability Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times. CVE-2008-0655 June 8, 2022
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution. CVE-2009-3953 June 8, 2022
Adobe Flash Player Unspecified Vulnerability Adobe Flash Player contains an unspecified vulnerability which allows remote attackers to execute code or cause denial-of-service. CVE-2011-0609 June 8, 2022
Adobe Flash Player Memory Corruption Vulnerability Adobe Flash Player contains a memory corruption vulnerability which allows remote attackers to execute code or cause denial-of-service. CVE-2012-0754 June 8, 2022
Adobe Acrobat and Reader Double Free Vulnerability Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution. CVE-2018-4990 June 8, 2022
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability Adobe Flash Player contains a XSS vulnerability which allows remote attackers to inject web script or HTML. CVE-2012-0767 June 8, 2022
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service. CVE-2009-1862 June 8, 2022
Adobe Flash Player Memory Corruption Vulnerability Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service. CVE-2010-1297 June 8, 2022
Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service. CVE-2011-2462 June 8, 2022
Adobe Acrobat and Reader Buffer Overflow Vulnerability Adobe Acrobat and Reader contain a buffer overflow vulnerability which allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods. CVE-2007-5659 June 8, 2022
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability which allows remote attackers to execute code or cause denial-of-service. CVE-2010-2883 June 8, 2022
Adobe Acrobat and Reader Use-After-Free Vulnerability Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file. CVE-2009-4324 June 8, 2022

By the Year

In 2024 there have been 33 vulnerabilities in Adobe with an average score of 6.7 out of ten. Last year Adobe had 590 security vulnerabilities published. Right now, Adobe is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.43.

Year Vulnerabilities Average Score
2024 33 6.73
2023 590 6.29
2022 421 6.80
2021 317 6.80
2020 306 7.46
2019 41 7.63
2018 91 7.58

It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Security Vulnerabilities

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability

CVE-2024-20718 6.5 - Medium - February 15, 2024

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.

Session Riding

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2024-20717 5.4 - Medium - February 15, 2024

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability

CVE-2024-20716 4.9 - Medium - February 15, 2024

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.

Resource Exhaustion

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability

CVE-2024-20720 9.1 - Critical - February 15, 2024

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.

Shell injection

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2024-20719 9.1 - Critical - February 15, 2024

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.

XSS

Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability

CVE-2024-20739 7.8 - High - February 15, 2024

Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap-based Buffer Overflow

Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication vulnerability

CVE-2024-20738 9.8 - Critical - February 15, 2024

Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction.

authentification

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-20749 5.5 - Medium - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-20748 5.5 - Medium - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-20747 5.5 - Medium - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-20736 5.5 - Medium - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-20735 5.5 - Medium - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability

CVE-2024-20734 5.5 - Medium - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability

CVE-2024-20733 5.5 - Medium - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Improper Input Validation

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability

CVE-2024-20731 7.8 - High - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability

CVE-2024-20730 - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability

CVE-2024-20729 7.8 - High - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-20728 7.8 - High - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-20727 7.8 - High - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-20726 7.8 - High - February 15, 2024

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-20722 5.5 - Medium - February 15, 2024

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability

CVE-2024-20723 7.8 - High - February 15, 2024

Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Classic Buffer Overflow

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-20724 5.5 - Medium - February 15, 2024

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-20725 5.5 - Medium - February 15, 2024

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-20740 7.8 - High - February 15, 2024

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability

CVE-2024-20741 7.8 - High - February 15, 2024

Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file

CVE-2024-20742 7.8 - High - February 15, 2024

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-20743 7.8 - High - February 15, 2024

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-20744 7.8 - High - February 15, 2024

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2023-51463 5.4 - Medium - January 18, 2024

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-51464 5.4 - Medium - January 18, 2024

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability

CVE-2024-20709 5.5 - Medium - January 15, 2024

Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability

CVE-2024-20721 5.5 - Medium - January 15, 2024

Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-51457 5.4 - Medium - December 20, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-51458 5.4 - Medium - December 20, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2023-51459 5.4 - Medium - December 20, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-51460 5.4 - Medium - December 20, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-51461 5.4 - Medium - December 20, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2023-51462 5.4 - Medium - December 20, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48538 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48548 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48537 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48536 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48535 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48534 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48533 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48532 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48531 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48530 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48529 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48528 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48527 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2023-48526 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48525 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48524 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48523 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48522 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48521 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48520 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48519 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48518 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48517 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48516 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48515 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48514 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48513 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48512 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48511 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48510 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48509 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48508 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48507 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48506 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48505 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48504 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48503 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48502 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2023-48501 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2023-48500 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2023-48499 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2023-48498 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2023-48497 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48496 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48495 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48494 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48493 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48492 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48491 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48490 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48458 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48452 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48453 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48454 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2023-48455 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48456 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48457 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48461 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48463 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48462 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability

CVE-2023-48451 5.4 - Medium - December 15, 2023

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.