Vulnerabilities > Adobe > Experience Manager > 5.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-15 | CVE-2016-7885 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks. | 8.8 |
| 2016-12-15 | CVE-2016-7884 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks. | 6.1 |
| 2016-12-15 | CVE-2016-7882 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. | 6.1 |
| 2016-08-09 | CVE-2016-4253 | Information Exposure vulnerability in Adobe Experience Manager The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. | 5.3 |
| 2016-08-09 | CVE-2016-4170 | Cross-site Scripting vulnerability in Adobe Experience Manager Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-08-09 | CVE-2016-4168 | Cross-site Scripting vulnerability in Adobe Experience Manager 5.6.1/6.0.0/6.1.0 Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-02-10 | CVE-2016-0958 | Information Exposure vulnerability in Adobe Experience Manager 5.6.1/6.0.0/6.1.0 Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. | 7.5 |
| 2016-02-10 | CVE-2016-0957 | Unspecified vulnerability in Adobe Dispatcher and Experience Manager Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. | 7.5 |
| 2016-02-10 | CVE-2016-0956 | Information Exposure vulnerability in multiple products The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. | 7.5 |