Vulnerabilities > Adobe > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-10 | CVE-2020-9741 | Cross-site Scripting vulnerability in Adobe Experience Manager The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. | 3.5 |
| 2020-09-10 | CVE-2020-9742 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. | 3.5 |
| 2020-06-12 | CVE-2020-9644 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. | 3.5 |
| 2015-10-15 | CVE-2015-7829 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete arbitrary files via Adobe Collaboration Sync, a related issue to CVE-2015-2428. | 1.9 |
| 2013-11-13 | CVE-2013-5326 | Cross-Site Scripting vulnerability in Adobe Coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory. | 3.5 |
| 2010-05-13 | CVE-2010-1294 | Information Exposure vulnerability in Adobe Coldfusion Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. | 2.1 |
| 2009-08-21 | CVE-2009-1879 | Cross-Site Scripting vulnerability in Adobe Flex SDK 1.5/3.3 Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string. | 2.6 |
| 2008-03-06 | CVE-2008-0883 | Link Following vulnerability in Adobe Acrobat Reader 8.1.2 acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. | 3.7 |
| 2006-12-12 | CVE-2006-6483 | Cross-Site Scripting vulnerability in ColdFusion MX Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. | 2.6 |
| 2006-10-10 | CVE-2006-5199 | Local Information Disclosure vulnerability in Adobe Contribute Publishing Server Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server. | 2.1 |