Vulnerabilities > Adobe > Experience Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-27 | CVE-2018-4875 | Cross-site Scripting vulnerability in Adobe Experience Manager 6.0.0/6.1.0 Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM. | 6.1 |
| 2017-12-09 | CVE-2017-3109 | Cross-site Scripting vulnerability in Adobe Experience Manager An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. | 6.1 |
| 2017-12-09 | CVE-2017-11296 | Cross-site Scripting vulnerability in Adobe Experience Manager An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. | 6.1 |
| 2016-12-15 | CVE-2016-7884 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks. | 6.1 |
| 2016-12-15 | CVE-2016-7883 | Cross-site Scripting vulnerability in Adobe Experience Manager 6.2.0 Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks. | 6.1 |
| 2016-12-15 | CVE-2016-7882 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. | 6.1 |
| 2016-12-15 | CVE-2016-6933 | Cross-site Scripting vulnerability in Adobe Experience Manager and Livecycle Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. | 6.1 |
| 2016-08-09 | CVE-2016-4253 | Information Exposure vulnerability in Adobe Experience Manager The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. | 5.3 |
| 2016-08-09 | CVE-2016-4170 | Cross-site Scripting vulnerability in Adobe Experience Manager Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-08-09 | CVE-2016-4169 | Information Exposure vulnerability in Adobe Experience Manager 6.0.0/6.1.0/6.2.0 Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. | 5.3 |